Author Topic: Interserver, malware, and the Scottish weather (Read 8949 times)

MysteryFCM · June 17, 2011, 02:16:38 am

Interserver, malware, and the Scottish weather

Quote

They say, if you don't like the Scottish weather, wait 20 mins. That's all I've got on that one.

In the last few weeks alone, 2 specific IPs have racked up a count of over 2000 malicious domains, most through just a handful of registrars (all those through DirectI have been suspended within around 20 mins on average, of being discovered, with DirectI suspending several thousand more related domains and several hundred entire accounts).

The latest domain, dablane.com, identified around 15 mins ago, is through a new registrar (or new to this campaign anyway), REGISTERDOMAIN.NAME, which appears to be a NETEARTH reseller.

The two IPs, 66.45.243.37 [reverse243-34.reserver.ru] and 66.45.243.38 [reverse243-34.reserver.ru], have since May 22nd, racked up the following, with likely alot more not yet being identified;

Read more
http://hphosts.blogspot.com/2011/06/interserver-malware-and-scottish.html

MysteryFCM · June 23, 2011, 04:02:41 am

http://hphosts.blogspot.com/2011/06/part-3-interserver-malware-and-scottish.html

MysteryFCM · June 23, 2011, 04:54:19 am

http://hphosts.blogspot.com/2011/06/part-4-interserver-malware-and-scottish.html

MysteryFCM · June 27, 2011, 01:21:52 pm

Part 5: Interserver, malware, and the Scottish weather
http://hphosts.blogspot.com/2011/06/part-5-interserver-malware-and-scottish.html

MysteryFCM · July 06, 2011, 01:22:08 pm

When is a 24 hour warning not a 24 hour warning? (aka HostNOC/Burst finally suspend Renos server)
http://hphosts.blogspot.com/2011/07/when-is-24-hour-warning-not-24-hour.html

MysteryFCM · July 19, 2011, 03:54:23 pm

Part 9: Interserver, malware, and the Scottish weather

Quote

I love predictability, makes my job much easier (well, as far as these chaps are concerned anyway). 3 IPs as of today, same registrars (surprise surprise);

UK2
DirectI
NetEarth

One of the IPs is the same as yesterday (errr Burst.net/HostNOC - what happened to your 24 hour warning?).

66.197.187.152 immovable.detectstakes.com AS21788 66.197.128.0/17 NOC - Network Operations Center Inc.
193.105.171.120 120-171-105-193.coolvds.com AS50669 193.105.171.0/24 COOLVDS-AS FOP Kutcevol Maksum Mukolaevich
184.22.251.238 184-22-251-238.static.hostnoc.net AS21788 184.22.224.0/19 NOC - Network Operations Center Inc.

http://hphosts.blogspot.com/2011/07/part-9-interserver-malware-and-scottish.html

MysteryFCM · July 22, 2011, 09:38:46 pm

http://hphosts.blogspot.com/2011/07/part-10-renos-on-move-previously.html

MysteryFCM · July 24, 2011, 03:48:22 pm

http://hphosts.blogspot.com/2011/07/part-11-renos-on-move.html

Author Topic: Interserver, malware, and the Scottish weather (Read 8949 times)

MysteryFCM

Interserver, malware, and the Scottish weather

MysteryFCM

Re: Interserver, malware, and the Scottish weather

MysteryFCM

Re: Interserver, malware, and the Scottish weather

MysteryFCM

Re: Interserver, malware, and the Scottish weather

MysteryFCM

Re: Interserver, malware, and the Scottish weather

MysteryFCM

Re: Interserver, malware, and the Scottish weather

MysteryFCM

Re: Interserver, malware, and the Scottish weather

MysteryFCM

Re: Interserver, malware, and the Scottish weather