Blog for hpHosts, and whatever else I feel like writing about ....

Sunday, 19 June 2011

Part 2: Interserver, malware, and the Scottish weather

Not surprisingly, since my last post, they've switched the latest ones back to HostNOC/Burst.Net (same company that took 3 years to boot them last time). Registrars are primarily DirectI and UK2 (who don't seem to be replying ....). DirectI have been shutting down those I've found, within 30 mins of their being reported.

I've likely missed quite a few since my sleeping meds knocked me out for a considerable amount of time (2300 until approx 0900 this morning), but those I've caught so far include;


20110619174334    21788    21788 NOC - Network Operations Center Inc.    bf810e055f9c61052c154aad1630f48c

20110619160546    21788    21788 NOC - Network Operations Center Inc.    76529b3840bab87bfb961702543ac171

20110618202630    21788    21788 NOC - Network Operations Center Inc.    dd793fd7422cb47e75f5f58497ee4ace

20110618202255    21788    21788 NOC - Network Operations Center Inc.    9cb3a50d5e12fb90d9adefb29361f6c2

20110618182942    21788    21788 NOC - Network Operations Center Inc.    aa47878435a1d88885b7e16f9d345938

20110618165858    21788    21788 NOC - Network Operations Center Inc.    3db48722c8657b51baf665ebb7d82855

20110618154609    21788    21788 NOC - Network Operations Center Inc.    b6580e3a7d0a7c1a30b607843c4c486f

20110618154559    21788    21788 NOC - Network Operations Center Inc.    92ec2a392b6cf76b77614bbe5001df6d

20110618130236    21788    21788 NOC - Network Operations Center Inc.    d5853b3c46ecae42f47588829b7dc661

20110520115255    21788    21788 NOC - Network Operations Center Inc.    0dfe88ed5dc40880ae1bae8b0064df8d

As you'll note, there's no more on Interserver since the last post, but given it's not been suspended yet, given one of the IPs is still spewing the malicious file (501b010046accf0f6755a85588a5ebd0 as of 2 seconds ago). I've finally had someone from Interserver contact me via e-mail, following my follow up call to them yesterday, but he's having problems reproducing the instructions I provided.


Interserver, malware, and the Scottish weather

No comments: