Blog for hpHosts, and whatever else I feel like writing about ....

Thursday 24 September 2009

Senpai IT Solutions killed malicious servers

I'm happy to report that, after identifying yet more malicious activity on Senpai IT Solutions' network and sending another e-mail to them, Senpai IT Solutions have informed me they've now completely disabled the servers for the following:

88.198.81.153 - static.88-198-81-153.clients.your-server.de
88.198.120.177 - static.88-198-120-177.clients.your-server.de
78.46.251.41 - static.41.251.46.78.clients.your-server.de
78.47.114.193 - static.193.114.47.78.clients.your-server.de
78.46.201.89 - static.89.201.46.78.clients.your-server.de

You'll no doubt already be aware that these have a recent history of malicious activity, and I'd like to thank Siarhei at Senpai for taking action and shutting them down.

History:

http://hosts-file.net/?s=78.46.201.89&view=history
http://hosts-file.net/?s=78.46.251.41&view=history
http://hosts-file.net/?s=78.47.114.193&view=history
http://hosts-file.net/?s=88.198.81.153&view=history
http://hosts-file.net/?s=88.198.120.177&view=history

I'll be continuing to monitor their network, and have asked him to shut down another couple of servers involved (78.46.251.43 and 78.47.91.154), so we'll see what else pops up.

/edit 23:12

Little update: I've had a response from Siarhei to inform me .43 has been disabled as well, and .154 was apparently formatted and sold to someone else two weeks ago (there's been no activity on that IP within the last two weeks, so obviously the new owner isn't malicious, so far).
