Comments on Dynamoo's Blog: Xvideos.com IP hosting malware C&C servers
Feed updated: 2024-02-23T09:06:13.967+00:00

Conrad Longmore, 2012-06-13T10:01:51.320+01:00:
Amended the post to reflect that the C&C servers might not have been there, however AS46652 is still pretty bad!

Kafeine, 2012-06-10T00:16:30.947+01:00:
Conrad, I love what you are doing here but in that specific case...you really made a mistake.
The C&C of this DriveByDownload for Android was on 184.82.82.68 with two forms to open what look like Panel on /client/auth & /adminx/auth.
They changed DNS to Xvideos..they could have pointed to Google IP as well.

@John Doe, mistakes happen. They surely verified but maybe few

Conrad Longmore, 2012-06-09T22:42:23.441+01:00:
@John Doe, perhaps you should check http://www.google.com/safebrowsing/diagnostic?site=xnxx.com/ which is part of the same network. Malware is pretty common on xvideos.com and affiliates. There is an indication that they might have suffered some sort of compromise at the very least.

Anonymous, 2012-06-07T16:17:17.483+01:00:
Well, big mistake:
http://www.google.com/safebrowsing/diagnostic?site=xvideos.com/
Nothing suspicious...
These 2 websites have only changed their DNS to point to xvideos. No big deal. Why did you not verify your information before posting?

Kafeine, 2012-05-06T01:00:09.578+01:00:
Are you really sure?
notcompatibleapp.eu was a C&C...but on IP: 184.82.82.68
They changed DNS records to Xvideos on the 03/05/2012.

You won't see the:
/client/auth
and
/adminx/auth
On Xvideos :)

But they are victims (?) from time to time of Malvertising.