1. -----BEGIN PGP SIGNED MESSAGE-----
  2. Hash: RIPEMD160
  3. We see your attempt at censoring this pastebin by getting it removed,
  4. we now raise you lots of mirroring of this pastebin on many places.
  5. ~ NET-72-20-13-0-1 ~
  6. Geo Location : Temple, Texas
  7. Organization : observers.net
  8. CustName : Observers.net
  9. Address : 1515 S 37th St
  10. City : Temple
  11. StateProv : TX
  12. PostalCode : 76504
  13. Country : US
  14. RegDate : 2011-08-17
  15. Updated : 2011-08-17
  16. 72.20.13.0 (72.20.13.0)
  17. 72.20.13.1 (observers.net)
  18. 72.20.13.2 (observers.net)
  19. 72.20.13.3 (loves.butthumping.org)
  20. 72.20.13.4 (shittalker.net)
  21. 72.20.13.5 (you.have.been.root-ed.net)
  22. 72.20.13.6 (gettin.laid.didnthappen.net)
  23. 72.20.13.7 (irc.isevil.biz)
  24. 72.20.13.8 (bratty.violates.us)
  25. 72.20.13.9 (onegirl.violates.us)
  26. 72.20.13.10 (ubersource.net)
  27. 72.20.13.11 (dominance.unrelenting.net)
  28. 72.20.13.12 (drama.continued.org)
  29. 72.20.13.13 (irc.observers.net)
  30. 72.20.13.14 (lo0.core-1.chi.nullrouted.net)
  31. 72.20.13.15 (THAT.bitch.from.observers.net)
  32. 72.20.13.16 (ate.out.youmoms.net)
  33. 72.20.13.17 (organized.crime.inspiringevil.com)
  34. 72.20.13.18 (just.cuz.i.got.a.HUGE.cock.dont.mean.you.gotta.be.afraid.org)
  35. 72.20.13.19 (observes.hateration.net)
  36. 72.20.13.20 (bratty.dramawhore.net)
  37. 72.20.13.21 (mr.slippyfist.com)
  38. 72.20.13.22 (oldschool.whitehat.net)
  39. 72.20.13.23 (.)
  40. 72.20.13.24 (.)
  41. 72.20.13.25 (.)
  42. 72.20.13.26 (ns1.observers.net)
  43. 72.20.13.27 (ns2.observers.net)
  44. 72.20.13.28 (.)
  45. 72.20.13.29 (THAT.bitch.from.observers.net)
  46. 72.20.13.30 (box.observers.net)
  47. 72.20.13.31 (.)
  48. 72.20.13.32 (.)
  49. ~ NET-72-20-13-0-1 ~
  50. ~ Intel on 72.20.13.13 ~
  51. Botnet C&C Detected '72.20.13.13:6667' http://xml.ssdsandbox.net/ip?ip=72.20.13.13 (Run by http://www.threattrack.com/)
  52. http://xml.ssdsandbox.net/view/7741d15577526d7595dc9111918fed9d
  53. http://xml.ssdsandbox.net/view/7f62d5d24b5e0d7c8d2aea2fdcd70894
  54. http://xml.ssdsandbox.net/view/ce61ba64faabb2a141faadead199b383
  55. http://isthisfilesafe.com/sha1/1F8F3FAEB090F1708D1051D77D70F1675D28F304_details.aspx
  56. https://www.virustotal.com/file/343f453318630b1b40719103766a4411d2e4dfe983d4abf337652f6092d63ca8/analysis/
  57. Blacklisted by Shadowserver as C&C:
  58. http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
  59. http://rules.emergingthreats.net/blockrules/emerging-botcc.suricata.rules
  60. "ET CNC Shadowserver Reported CnC Server IP (group 36)" "classtype:trojan-activity"
  61. Another list as C&C Server (Original flagging probably by Shadowserver):
  62. http://www.tc.edu.tw/net/netflow/lkout
  63. Flagged P2P Worm C&C:
  64. http://www.totalmalwareinfo.com/rus/P2P-Worm.Win32.Lolol.a
  65. Hub for SRSIRC (irc.srsirc.com)
  66. https://twitter.com/TheResGroup/status/210051792950669313
  67. ~ Intel on 72.20.13.13 ~
  68. -----BEGIN PGP SIGNATURE-----
  69. Version: GnuPG v2.0.17 (MingW32)
  70. iQIcBAEBAwAGBQJP0MYVAAoJEFydt9HxKF6qGP8P/2PLpFbOmPnZ5Kfsg6U+r5B6
  71. gqdNB8zbHajIw9PsQGHRZsjbcYhfUziD7omgrQ3UcN4Qhvw9M7+MNFCI0zpibDsh
  72. Qb1THMbbJprPyFlJECNDOTbgrxfllTrO0fbS//n0waixY00CJQPNBdhOJhykVoMH
  73. X10pLbw7OCXAl2CZQ/unuTyvmKiAwUQtbUEvEeHTROp4n/QwWb0TSzdn2oerW+B1
  74. q1P46CdyTUg+4EXMN/TnyYNgPmp0PCWCRQQjDgerNlIuMDU4VZA4EXkbDgcE4Kfw
  75. 7hDMBtVm7p3knerE716RLfUs1ZvEt6pzIQtq64Z6f8w2iiQ98kpcCUg4Xw0+A+0d
  76. ZynxUZSfveE6ohS1S8ugogvLli1vCq23PT4gPQDx87+ROw57vWlu0LaE4rjp9sUw
  77. nz+dwsjbYNsSe4zMODcnMyITlusyIIPUvnDmM1ZSxdy6kVR5G9vLv7h70PT1hEpi
  78. tZtixVevOKTZ5DfBc0QNE6HsFurD1rnZWr3Gh+xRZ+Wqx6S58daU0U5Y6C1XyD6B
  79. pqPiEIZawN2YWRlEpHdZlpdA6UJWeVOR0yc9yjbABNDPAj3+edC/8PT+5qsYJVuI
  80. ZeU7qqyARYC24VIrtoXKGeiR0z9cerTc7Tgzqd3gGHo/OLOKcnM2ok8dz5eHz6PT
  81. Vpw/ZpoIFSz7/tMNRk+X
  82. =0Ic0
  83. -----END PGP SIGNATURE-----