hxxp://www.geekstogo.com/blog/wp-includes/js/scriptaculous/effects.js?ver=1.8.3
I've tried calling geekstogo.com but they rejected my call because my number is ex directory, and the host (SoftLayer) wasn't any help.
The exploit itself is loaded from a Hanaro hosted IP address (219.255.13.77), with another exploit loaded from;
75.127.112.107:82/exemple.com/load.php?spl=javas
75.127.112.107 is on a GNAX IP range. I'd suggest blocking both /24's with immediate effect.
/Update 02:14
A little extra digging has shown another IP involved, 109.236.81.40, which is on a well known criminal friendly IP range - WorldStream, and resolves to unoosearch.com.
Registration Service Provided By: RESELLERCLUB
Contact: +1.4152361970
Domain Name: UNOOSEARCH.COM
Registrant:
N/A
Prokopenko Aleksey (alex1978a@bigmir.net)
ul. Lenina, d 4, kv 1.
Ubileyniy
Luhansk Oblast,35631
UA
Tel. +38.0963639642
Creation Date: 27-Mar-2010
Expiration Date: 27-Mar-2011
Domain servers in listed order:
ns4.everydns.net
ns3.everydns.net
ns2.everydns.net
ns1.everydns.net
Administrative Contact:
N/A
Prokopenko Aleksey (alex1978a@bigmir.net)
ul. Lenina, d 4, kv 1.
Ubileyniy
Luhansk Oblast,35631
UA
Tel. +38.0963639642
Technical Contact:
N/A
Prokopenko Aleksey (alex1978a@bigmir.net)
ul. Lenina, d 4, kv 1.
Ubileyniy
Luhansk Oblast,35631
UA
Tel. +38.0963639642
Billing Contact:
N/A
Prokopenko Aleksey (alex1978a@bigmir.net)
ul. Lenina, d 4, kv 1.
Ubileyniy
Luhansk Oblast,35631
UA
Tel. +38.0963639642
Status:LOCKED
Contact: +1.4152361970
Domain Name: UNOOSEARCH.COM
Registrant:
N/A
Prokopenko Aleksey (alex1978a@bigmir.net)
ul. Lenina, d 4, kv 1.
Ubileyniy
Luhansk Oblast,35631
UA
Tel. +38.0963639642
Creation Date: 27-Mar-2010
Expiration Date: 27-Mar-2011
Domain servers in listed order:
ns4.everydns.net
ns3.everydns.net
ns2.everydns.net
ns1.everydns.net
Administrative Contact:
N/A
Prokopenko Aleksey (alex1978a@bigmir.net)
ul. Lenina, d 4, kv 1.
Ubileyniy
Luhansk Oblast,35631
UA
Tel. +38.0963639642
Technical Contact:
N/A
Prokopenko Aleksey (alex1978a@bigmir.net)
ul. Lenina, d 4, kv 1.
Ubileyniy
Luhansk Oblast,35631
UA
Tel. +38.0963639642
Billing Contact:
N/A
Prokopenko Aleksey (alex1978a@bigmir.net)
ul. Lenina, d 4, kv 1.
Ubileyniy
Luhansk Oblast,35631
UA
Tel. +38.0963639642
Status:LOCKED
Posts
3 comments:
They know now, and have closed the site to fix it
"UPDATE: We have identified our forum software is being targeted by a constant stream of hack attempts, and are in the process of updating our forum software..."
I am unable to get to geekstogo today. Is it down today as well?
I've checked the site, and it appears to be working correctly at the time of writing this.
It's likely it was either a glitch, or was down for maintenance.
Post a Comment