View Full Version : Botnet startup
i am watching you
10-13-2009, 04:01 PM
Hi
This is the start of a botnet:
http://pugzksrvgf.happyhost.org/
There are hundreds of pages on that one site, with every word, which will turn into comment spam with links, which in turn will be used for phishing.
http://au.search.yahoo.com/search?p=pugzksrvgf.happyhost.org&fr=yfp-t-501&ei=UTF-8
It only started a few hours ago, so as of now there are only 18 listings; this can and sometimes does turn into thousands of listings.
i am watching you
10-13-2009, 04:32 PM
Hi
I have found this company in the past to be very frustrating at shutting down the phishing/botnet sites they host. I tried for a year with hundreds of sites and they never replied!
happyhost.org
74.52.83.82
Record Type: IP Address
OrgName: ThePlanet.com Internet Services, Inc.
OrgID: TPCM
Address: 315 Capitol
Address: Suite 205
City: Houston
StateProv: TX
PostalCode: 77002
Country: US
Dick H Box
10-13-2009, 08:03 PM
http://pugzksrvgf.happyhost.org/ has now (15/10/09) been taken down. "happyhost" has a WOT red flag.
:rip:
Dick H Box
10-13-2009, 08:36 PM
From my connection the URL
http://pugzksrvgf.happyhost.org/
points to:
http://yourseekinfo.com/index.php?pad=1476&sub=4&search=how+to+grow+rosemary
Refreshing just reloads the same page. It was redirecting to www.videojug.com/, landing on a different page each time, but now I just get 'yourseekinfo.com/index', & there it stops. The trail has disappeared from my end.
i am watching you
10-14-2009, 11:11 AM
One of hundreds of fake listings the seekinfo site lists (all being fake):
Domain name: spyware-remover-free.com
i am watching you
10-14-2009, 11:16 AM
Some more of his portfolio of fake spyware:
Sampled malware phones back to od32qjx6meqos .cn/ua.php; more phone-back locations are also parked there:
i am watching you
10-14-2009, 11:20 AM
His Trojans:
i am watching you
10-14-2009, 11:27 AM