|
Someones Site is changing hostfiles on users computers
I have a trade going with someone which I will not name right now until I have 100% proof that it is this site.
I would like to ask the rest of you if you also have this problem? They change your whole host file which can be found under \winnt\system32\drivers\etc\hosts They add all popular domain names and route them to ip address 66.159.20.52 causing your browser to go to their site(s) instead of your trade or site you wish to go to, they also route it to a dailer :feels-hot So if we can get together or if someone knows 100% who it is we can warn other people about this. For now I have locked my hostfile and will see what happens. thanks |
fuck it, name names!
|
innocent until proving guilty, that's why I called for help
|
yep post domain so we can all blacklist him and safe our surfers ;)
|
in this world its : guilty until proven innocent ;) download the track by jay z ) ;)
|
Don't really want to warn him until we get proof and then everyone can jump his ass :BangBang:
|
Install KAZAA LITE or DC++, and you host file will be fuckup too.
And theres the list with all the porn sites too, strange whey they are doing it, i cant say which software but its KAZAA LITE or DC++ |
Tell us who it is. The number of complaints from people getting hit with host file changes has been going up a lot in the last few weeks, from what I've seen.
Who do you think is doing it? |
im talking to a good friend, he is saying its KAZAA, he doesnt know the version.
|
Here is one of the redirect URL's that people have complained about previously on GFY:
sexbbc.com Who is changing the hosts file to benefit this site? |
uhhh...so you're saying it's whoever owns www.pornsea.com?
|
Quote:
|
Well it's not Kazaa lite as I don't have that, and as far as I know
kazaa lite blocks and does not reroute. OK since everyone is asking who I think it is and if I am wrong then I am sorry and we can look for who is really doing it I think it's http://sexxbbc.com and here is why I think that. 1. strange hahahahahahahahahaha on site encoded. SCRIPT language=JScript.Encode #@~^lgAAAAhahahaha@&Jz@!eO @&\mD,2w{JWDm:EI@&NW1;:xYcA.kD+vJ@!kEQawQJ~/Mmx4DYwl&J/n68qyR^K:JmW!xD w4w_l1mxq,0Dmh+(WD9n.'ZP4+ro4O{F~hb[Y4'q@*@!zkEQawQJ@*r#I@&zJOO@*@&3ioAAAhahahaha^#~@ SCRIPT Can't find out what it is. 2. Ip address found in host file resolves to a dns server he is using 66.159.20.52 resolved to wcg20-balance.host-system.com DNS Query Results: ; <<>> DiG 8.3 <<>> any wcg20-balance.host-system.com ;; res options: init recurs defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUERY SECTION: ;; wcg20-balance.host-system.com, type = ANY, class = IN ;; AUTHORITY SECTION: host-system.com. 1H IN SOA ns1.xtraff.com. root.xtraff.com. ( 2120858416 ; serial 8H ; refresh 4H ; retry 5w6d16h ; expiry 1H ) ; minimum ------------------------; <<>> DiG 8.3 <<>> any sexbbc.com ;; res options: init recurs defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2 ;; QUERY SECTION: ;; sexbbc.com, type = ANY, class = IN ;; ANSWER SECTION: sexbbc.com. 1d8h41m31s IN NS server2.zihost.com. sexbbc.com. 1d8h41m31s IN NS ns2.host-system.com. sexbbc.com. 59m48s IN A 66.117.14.177 ;; AUTHORITY SECTION: sexbbc.com. 1d8h41m31s IN NS server2.zihost.com. sexbbc.com. 1d8h41m31s IN NS ns2.host-system.com. ;; ADDITIONAL SECTION: server2.zihost.com. 1d10h24m46s IN A 66.159.20.46 ns2.host-system.com. 1d10h24m46s IN A 66.250.39.23 WWWhois Results: Connecting to whois.crsnic.net... Deferred to specific whois server: whois.dotster.com... Registrant: Marsh Madness LLC 29 off 8 Street ALDIE, VA 20105 US Registrar: DOTSTER Domain Name: SEXBBC.COM Created on: 14-MAY-03 Expires on: 14-MAY-04 Last Updated on: 14-MAY-03 Administrative, Technical Contact: Gaiter, Mark [email protected] Marsh Madness LLC 29 off 8 Street ALDIE, VA 20105 US +1-702-224-64-66 Domain servers in listed order: SERVER2.ZIHOST.COM NS2.HOST-SYSTEM.COM End of Whois Information IP Whois Results: Connecting to whois.arin.net... OrgName: New Horizon Collocations OrgID: NHC-34 Address: 603 Wilshire Address: Suite 911 City: Los Angeles StateProv: CA PostalCode: 90017 Country: US NetRange: 66.117.0.0 - 66.117.31.255 CIDR: 66.117.0.0/19 NetName: NHI-COLO NetHandle: NET-66-117-0-0-1 Parent: NET-66-0-0-0-0 NetType: Direct Allocation NameServer: DNS1.NHICOLO.COM NameServer: DNS2.NHICOLO.COM Comment: RegDate: 2002-09-30 Updated: 2003-06-20 OrgTechHandle: HOSTM44-ARIN OrgTechName: HOSTMASTER OrgTechPhone: +1-877-322-5188 OrgTechEmail: [email protected] # ARIN WHOIS database, last updated 2003-08-08 19:15 # Enter ? for additional hints on searching ARIN's WHOIS database. IP Whois Results: Connecting to whois.arin.net... Williams Communications, Incorporated WCG-BLK-2 (NET-66-159-0-0-1) 66.159.0.0 - 66.159.31.255 IIC Internet WLCO-TWC874610-IICINT (NET-66-159-16-0-1) 66.159.16.0 - 66.159.20.255 # ARIN WHOIS database, last updated 2003-08-08 19:15 # Enter ? for additional hints on searching ARIN's WHOIS database. Checking Port 80... Port 80 is open and accepting connections. Ping Results: PING 66.159.20.52 (66.159.20.52) from 217.17.139.169 : 56(84) bytes of data. 64 bytes from wcg20-balance.host-system.com (66.159.20.52): icmp_seq=0 ttl=237 time=162.1 ms 64 bytes from wcg20-balance.host-system.com (66.159.20.52): icmp_seq=1 ttl=237 time=160.0 ms 64 bytes from wcg20-balance.host-system.com (66.159.20.52): icmp_seq=2 ttl=237 time=160.1 ms 64 bytes from wcg20-balance.host-system.com (66.159.20.52): icmp_seq=3 ttl=237 time=160.0 ms 64 bytes from wcg20-balance.host-system.com (66.159.20.52): icmp_seq=4 ttl=237 time=163.3 ms Now if it's not him I would really like to know who is doing it thanks |
OK it seems that others knew the name before I did,
So Sexxbcc, let's hear what you have to say. Defend yourself!!!!! |
I know exactly what I'd change in people's hosts file if I was a mean man, but I'm not.
|
Quote:
|
Decoded:
Code:
var pp="fram"; |
Its kazaa, but its blocking the domains at ip 127.0.0.1 (localhost)
This guy is really bad, i hope they will ddos him or something because i dont like this. Quote:
|
Quote:
|
great trick
who wants to share the full code with him? im all about tricks lately |
I have changed my host file to read only and hidden,
seems to be working :) |
sexbbc.com
ifsexy.com pornsea.com hanporn.com pornbig.com sex-days.com joyporn.com Same shit. |
:warning
|
Looking for a solution? Why not check with 12Clicks at Standard Internet. He has built an entire business model on altering surfer's registry files and other dirty tricks. To contact him check out this article. His email can be found near the end of the article.
http://forums.techguy.org/t140495/s3...06a116f53.html Strange thing is, I can guarantee although SI's practices are no more ethical then the scumbag discussed in this thread, there will still be a gaggle of the weak who will defend him after I make this post. |
Actually I think the way Kazaa Lite is using the host file is very useful. I had to delete some domains from the file, but it also protects you from some shitty spyware :2 cents:
|
I agree that the host file can be usefull but I like to control it myself instead of having someone do it without my knowledge
|
kid frost
:thumbsup :thumbsup |
| All times are GMT -7. The time now is 03:46 AM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123