Full Version: What does this mean?
Peaches
I was reading a controversial blog today and AdBlock showed the following two items that were on that site and asked if I wished to block those items.

http://127.00.1:36006/js.cgi?pacaw&r=5075

http://127.00.1:3004/js.cgi?pacaw&r=491

trying to find out what the above means ... I came up with ....

http://www.mozdev.org/pipermail/greasem ... 08643.html

http://www.mozdev.org/pipermail/greasem ... 08645.html

Does this mean there is a scripted trojan on the site or ????

Also, I saw a small square box with the words "block" and out of curiosity I right clicked on it to see what was there ... whatever it was I only saw the word "bug" which adblock had blocked.

Opinions please ...

Chachazz
If Adblock blocked a web bug, I'm not going to look further.

QUOTE
A web bug is any one of a number of techniques used to track who is reading a web page or e-mail, when, and from what computer. They can also be used to see if an e-mail was read, forwarded to someone else, or if a web page was copied to another website. The first web bugs were small images.

Some e-mails and web pages are not wholly self-contained. They may refer to content on another server, rather than including the content directly. When an e-mail client or web browser prepares such an e-mail or web page for display, it ordinarily sends a request to the server to send the additional content.

These requests typically include the IP address of the requesting computer; the time the content was requested; the type of web browser that made the request; and the existence of cookies previously set by that server. The server can store all of this information, and associate it with a unique tracking token attached to the content request.

Web bugs are typically used by third parties to monitor the activity of customers at a site. Turning off the browser's cookies can prevent some web bugs from tracking a customer's specific activity. The web site logs will still record a page request from the customer's IP address, but unique information associated with a cookie cannot be recorded. However, web site server techniques that do not use cookies can be employed to help track a site's cookie-blocking users. For example, a web site can identify a request from a new visitor and send that visitor links that pass a unique ID as a GET parameter.
Nebon
The last 2 links you have posted are broken, however I noticed you have the same post at Smokey's and those links work. I was only able to obtain information on that first port.

Port 3004 seems to be commonly used by Csoft Agent and used by the service of a similar name called csoftragent. However, another program could have been set up by you to use that port.

The only information I could find on port 36006 was that it could be used by a Linux system for outgoing traffic.

The 2 articles brought up in your research are related to completely different ports. If you are worried that you are infected you could post your HJT log in our HJT forum.
Peaches
Oh no, Nebon, I am not worried about being infected ... I just wanted to know what kind of scripting was being used on that blog and if it could contain a trojan, as the first two are what AdBlock had on the list for me to block or not from that site ... I also use NoScript so that was also blocking the scripting on that blog. The other two links were what I was researching for some way of understanding if that scripting on the blog had a trojan there or not.

Yes, I did post on smokey's forum ... I need all the help I can get.

chachazz, you bet adBlock blocked the web bug ... I saw that little square that said "block" and curiosity got the better of me or maybe stupidity, so I right clicked on it to see what was there. :lol: There was more than one bug ... unbelievable.

Shortly afterwards, I was denied access to the blog ... so if there is nothing there to identify me, how did the owner of the blog determine blocking access??? Odd thing is also I was not using my own IP ... I used a Wi-Fi and used a different IP and server. The owner of the blog obviously did not want me to investigate his activities so must have tracked my activities...
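
Added example (not part of the thread and not any poster's code): a small Python audit of a page's embedded resources that flags the two things discussed above, resource URLs pointing at a loopback address such as the `127.00.1` host in the first post, and third-party 1x1 images of the kind the quoted web-bug description mentions. The sample HTML, the `blog.example` and `tracker.example` hosts, and the "1x1 image from another host" heuristic are assumptions made for illustration.

```python
import ipaddress
import socket
from html.parser import HTMLParser
from urllib.parse import urlparse

def is_loopback(host):
    """True for localhost, ::1, or an IPv4 literal in 127.0.0.0/8.
    inet_aton also accepts short forms such as '127.00.1' or '127.1'."""
    if not host:
        return False
    if host in ("localhost", "::1"):
        return True
    try:
        return ipaddress.ip_address(socket.inet_aton(host)).is_loopback
    except (OSError, ValueError):
        return False  # a DNS name, not an IPv4 literal; not resolved here

class ResourceAudit(HTMLParser):
    """Collects (kind, url) findings for script/img/iframe sources."""
    def __init__(self, page_url):
        super().__init__()
        self.page_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src")
        if tag not in ("script", "img", "iframe") or not src:
            return
        host = urlparse(src).hostname
        tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        if is_loopback(host):
            self.findings.append(("loopback", src))
        elif tag == "img" and tiny and host not in (None, self.page_host):
            self.findings.append(("web-bug", src))  # heuristic, see lead-in

def audit(page_url, html):
    parser = ResourceAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; only the first URL is taken from the thread.
SAMPLE = """<html><body>
<script src="http://127.00.1:36006/js.cgi?pacaw&r=5075"></script>
<img src="http://stats.tracker.example/b.gif?id=abc123" width="1" height="1">
<img src="/images/logo.png" width="120" height="40">
<img src="http://blog.example/spacer.gif" width="1" height="1">
</body></html>"""

if __name__ == "__main__":
    for kind, url in audit("http://blog.example/post", SAMPLE):
        print(kind, url)
```

A `loopback` finding means the browser would request that resource from a service listening on the reader's own machine rather than from the site's server.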