- -----BEGIN PGP SIGNED MESSAGE-----
- Hash: RIPEMD160
- We see your attempt at censoring this pastebin by getting it removed,
- we now raise you lots of mirroring of this pastebin on many places.
- ~ NET-72-20-13-0-1 ~
- Geo Location : Temple, Texas
- Organization : observers.net
- CustName : Observers.net
- Address : 1515 S 37th St
- City : Temple
- StateProv : TX
- PostalCode : 76504
- Country : US
- RegDate : 2011-08-17
- Updated : 2011-08-17
- 72.20.13.0 (72.20.13.0)
- 72.20.13.1 (observers.net)
- 72.20.13.2 (observers.net)
- 72.20.13.3 (loves.butthumping.org)
- 72.20.13.4 (shittalker.net)
- 72.20.13.5 (you.have.been.root-ed.net)
- 72.20.13.6 (gettin.laid.didnthappen.net)
- 72.20.13.7 (irc.isevil.biz)
- 72.20.13.8 (bratty.violates.us)
- 72.20.13.9 (onegirl.violates.us)
- 72.20.13.10 (ubersource.net)
- 72.20.13.11 (dominance.unrelenting.net)
- 72.20.13.12 (drama.continued.org)
- 72.20.13.13 (irc.observers.net)
- 72.20.13.14 (lo0.core-1.chi.nullrouted.net)
- 72.20.13.15 (THAT.bitch.from.observers.net)
- 72.20.13.16 (ate.out.youmoms.net)
- 72.20.13.17 (organized.crime.inspiringevil.com)
- 72.20.13.18 (just.cuz.i.got.a.HUGE.cock.dont.mean.you.gotta.be.afraid.org)
- 72.20.13.19 (observes.hateration.net)
- 72.20.13.20 (bratty.dramawhore.net)
- 72.20.13.21 (mr.slippyfist.com)
- 72.20.13.22 (oldschool.whitehat.net)
- 72.20.13.23 (.)
- 72.20.13.24 (.)
- 72.20.13.25 (.)
- 72.20.13.26 (ns1.observers.net)
- 72.20.13.27 (ns2.observers.net)
- 72.20.13.28 (.)
- 72.20.13.29 (THAT.bitch.from.observers.net)
- 72.20.13.30 (box.observers.net)
- 72.20.13.31 (.)
- 72.20.13.32 (.)
- ~ NET-72-20-13-0-1 ~
- ~ Intel on 72.20.13.13 ~
- Botnet C&C Detected '72.20.13.13:6667' http://xml.ssdsandbox.net/ip?ip=72.20.13.13 (Run by http://www.threattrack.com/)
- http://xml.ssdsandbox.net/view/7741d15577526d7595dc9111918fed9d
- http://xml.ssdsandbox.net/view/7f62d5d24b5e0d7c8d2aea2fdcd70894
- http://xml.ssdsandbox.net/view/ce61ba64faabb2a141faadead199b383
- http://isthisfilesafe.com/sha1/1F8F3FAEB090F1708D1051D77D70F1675D28F304_details.aspx
- https://www.virustotal.com/file/343f453318630b1b40719103766a4411d2e4dfe983d4abf337652f6092d63ca8/analysis/
- Blacklisted by Shadowserver as C&C:
- http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
- http://rules.emergingthreats.net/blockrules/emerging-botcc.suricata.rules
- "ET CNC Shadowserver Reported CnC Server IP (group 36)" "classtype:trojan-activity"
- Another list as C&C Server (Original flagging probably by Shadowserver):
- http://www.tc.edu.tw/net/netflow/lkout
- Flagged P2P Worm C&C:
- http://www.totalmalwareinfo.com/rus/P2P-Worm.Win32.Lolol.a
- Hub for SRSIRC (irc.srsirc.com)
- https://twitter.com/TheResGroup/status/210051792950669313
- ~ Intel on 72.20.13.13 ~
- -----BEGIN PGP SIGNATURE-----
- Version: GnuPG v2.0.17 (MingW32)
- iQIcBAEBAwAGBQJP0MYVAAoJEFydt9HxKF6qGP8P/2PLpFbOmPnZ5Kfsg6U+r5B6
- gqdNB8zbHajIw9PsQGHRZsjbcYhfUziD7omgrQ3UcN4Qhvw9M7+MNFCI0zpibDsh
- Qb1THMbbJprPyFlJECNDOTbgrxfllTrO0fbS//n0waixY00CJQPNBdhOJhykVoMH
- X10pLbw7OCXAl2CZQ/unuTyvmKiAwUQtbUEvEeHTROp4n/QwWb0TSzdn2oerW+B1
- q1P46CdyTUg+4EXMN/TnyYNgPmp0PCWCRQQjDgerNlIuMDU4VZA4EXkbDgcE4Kfw
- 7hDMBtVm7p3knerE716RLfUs1ZvEt6pzIQtq64Z6f8w2iiQ98kpcCUg4Xw0+A+0d
- ZynxUZSfveE6ohS1S8ugogvLli1vCq23PT4gPQDx87+ROw57vWlu0LaE4rjp9sUw
- nz+dwsjbYNsSe4zMODcnMyITlusyIIPUvnDmM1ZSxdy6kVR5G9vLv7h70PT1hEpi
- tZtixVevOKTZ5DfBc0QNE6HsFurD1rnZWr3Gh+xRZ+Wqx6S58daU0U5Y6C1XyD6B
- pqPiEIZawN2YWRlEpHdZlpdA6UJWeVOR0yc9yjbABNDPAj3+edC/8PT+5qsYJVuI
- ZeU7qqyARYC24VIrtoXKGeiR0z9cerTc7Tgzqd3gGHo/OLOKcnM2ok8dz5eHz6PT
- Vpw/ZpoIFSz7/tMNRk+X
- =0Ic0
- -----END PGP SIGNATURE-----