[nsp-sec] Information request about upline-club.ru
Thomas Hungenberg
th.lab at hungenberg.net
Mon Jul 6 16:39:14 EDT 2009
Rob Thomas wrote:
> We see the HTTP C&C on 217.20.118.165 active as of 2009-02-11 10:15:00
> UTC, with attacks on metasploit.com and h5.com among others. It appears
> to have gone quiet as of 2009-05-22 10:01:03 UTC (probably thanks to
> Thomas' efforts).
I talked to Netdirekt about this on 2009-05-28 when the C&C was still active.
IIRC it was shut down on 2009-05-28 afternoon, back up on 2009-05-29 morning,
shut down again and then the domain quickly moved to 91.212.41.252.
> We see the HTTP C&C go live on or about 2009-06-21 12:01:31 UTC. On
> 2009-06-21 through 2009-06-22 they attacked both www.panamoney.net and
> www.panamoney.info. Probably criminal on criminal crime in some way.
I've seen it returning DDoS targets like:
secure.fundsxpress.com
www.vebrr.ru
www.charterbankwa.com
It still did some hours ago; currently it does not return any URL.
Cheers,
Thomas