# psychz.net yardvps.com photonvps.com got hacked



## vRozenSch00n (Nov 28, 2013)

Just got some shocking news from our neighbor that psychz.net, yardvps.com, and photonvps.com got hacked.

At the moment the three websites are still showing the hacked page.


----------



## Francisco (Nov 28, 2013)

*BE CAREFUL*.

Google is claiming there is malware being pushed. Here are the contents of the page pulled via CURL.


```
<html>
<head>
<title>Hacked By Spectrum</title>
</head>
<body bgColor="#FFFFFF">
<div align=center>
<img src="http://zonehmirrors.org/defaced/2013/11/28/shrinathji.co.in/im42.gulfup.com/2YIA1.gif" border=0 width=500 height=279>
<br></br>
<div class="wpmd">
<font color="#FF0000"> </font><font color="#FF0000">&gt;&gt;</font><font color="#000000" size=7> HACKED </font><font color="#FF0000" class="ws48">&lt;&lt;</font></div>
<br></br>
<font color="#FF0000"> </font><font color="#FFFFFF">&gt;&gt;</font><font color="#000111" size=7> I told you motherfucker don't fuck with me go now and cry like a  little bitch you and your fucking CEO all your data downloded and one of it has been sold  </font><font color="#FFFFFF" class="ws48">&lt;&lt;</font>
<br></br>
<font color="#FF0000"> </font><font color="#FFFFFF">&gt;&gt;</font><font color="#000111" size=7> Fuck you Tim ;)  </font><font color="#FFFFFF" class="ws48">&lt;&lt;</font>
<br></br>
<font color="#FF0000"> </font><font color="#FFFFFF">&gt;&gt;</font><font color="#000111" size=7> Fuck you psychz.net ;)  </font><font color="#FFFFFF" class="ws48">&lt;&lt;</font>
<br></br>
<font color="#FF0000"> </font><font color="#FFFFFF">&gt;&gt;</font><font color="#000111" size=7> and thank you for the great data :D you can laugh now :D </font><font color="#FFFFFF" class="ws48">&lt;&lt;</font>
<br></br>
<img src="http://image.spreadshirt.com/image-server/v1/designs/11236846,width=178,height=178/middle-finger-fuck.png" border=0 width=500 height=279>
<br></br>
<font color="#FF0000"> </font><font color="#DDDDDD">&gt;&gt;</font><font color="#FF0000" size=7> This sites  </font><font color="#FFFFFF" class="ws48">&lt;&lt;</font>
<br></br>
<font color="#FF0000"> </font><font color="#111111">&gt;&gt;</font><font color="#111111" size=7>  psychz.net yardvps.com photonvps.com  </font><font color="#FFFFFF" class="ws48">&lt;&lt;</font>
<br></br>
<font color="#FF0000"> </font><font color="#FFFFFF">&gt;&gt;</font><font color="#FF0000" size=7> has been hacked </font><font color="#FFFFFF" class="ws48">&lt;&lt;</font>
<br></br>
<font color="#FF0000"> </font><font color="#FFFFFF">&gt;&gt;</font><font color="#FF0000" size=7> I offer all of the databases for sale for just 100$ </font><font color="#FFFFFF" class="ws48">&lt;&lt;</font>





<br></br>
<font color="#111111" size=6 > [email protected] </font>
</div>
</div>


</body>
</html>
```


----------



## vRozenSch00n (Nov 28, 2013)

@drmike Any comments or advice Doc?


----------



## peterw (Nov 28, 2013)

This is the result of what Psychz Network allowed to be hosted on their network. I banned their whole range a long time ago.


```
23.91.0.0/19 	        Psychz Networks
23.91.4.0/24 	        Psychz Networks
23.91.14.0/24 	        Psychz Networks
23.91.21.0/24 	        Psychz Networks
23.228.192.0/18 	Psychz Networks
23.228.230.0/24 	Psychz Networks
23.228.252.0/24 	Psychz Networks
23.236.96.0/20 	        CrosSystem Company
23.238.128.0/17 	Psychz Networks
23.238.142.0/24 	Psychz Networks
23.238.151.0/24 	Psychz Networks
23.238.164.0/24 	Psychz Networks
23.238.165.0/24 	Psychz Networks
23.238.189.0/24 	Psychz Networks
23.251.32.0/19 	        VpsQuan L.L.C.
69.165.64.0/22 	        VpsQuan L.L.C.
69.165.72.0/21 	        VpsQuan L.L.C.
74.117.56.0/21 	        Psychz Networks
108.171.240.0/20 	Psychz Networks
173.224.208.0/20 	Psychz Networks
192.126.124.0/23 	NexteCloud L.L.C.
192.184.32.0/19 	Psychz Networks
192.184.63.0/24 	Psychz Networks
192.210.48.0/20 	Psychz Networks
198.13.96.0/19 	        Psychz Networks
198.44.160.0/19 	VpsQuan L.L.C.
199.15.112.0/21 	Psychz Networks
199.71.212.0/22 	Psychz Networks
199.83.88.0/21 	        Psychz Networks
199.119.200.0/21 	Psychz Networks
199.245.58.0/24 	CrosSystem Company
208.87.240.0/22 	Psychz Networks
216.24.192.0/20 	Psychz Networks
216.99.144.0/20 	Psychz Networks
```


----------



## vRozenSch00n (Nov 28, 2013)

@peterw Some of the IPs in those ranges attacked my site.


----------
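An added example, not part of any post in this thread: one way to reduce a prefix list like the one above to a minimal block set and to check which requests in an access log came from a listed range. It uses a subset of the posted prefixes; the log lines are constructed, the log format (client IP as first field) is an assumption, and the function names are hypothetical.

```python
import ipaddress

# Subset of the prefixes posted above, with the holder as listed there.
POSTED = [
    ("23.91.0.0/19", "Psychz Networks"),
    ("23.91.4.0/24", "Psychz Networks"),
    ("23.238.128.0/17", "Psychz Networks"),
    ("23.238.142.0/24", "Psychz Networks"),
    ("69.165.64.0/22", "VpsQuan L.L.C."),
    ("69.165.72.0/21", "VpsQuan L.L.C."),
    ("199.245.58.0/24", "CrosSystem Company"),
]

# Constructed log lines (not from the thread); client IP is the first field.
SAMPLE_LOG = """\
23.91.4.17 - - [28/Nov/2013:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1543
203.0.113.9 - - [28/Nov/2013:10:01:05 +0000] "GET / HTTP/1.1" 200 5120
69.165.75.200 - - [28/Nov/2013:10:02:11 +0000] "POST /xmlrpc.php HTTP/1.1" 403 212
not-an-ip - - [28/Nov/2013:10:02:12 +0000] "GET / HTTP/1.1" 400 0
"""

def collapse(prefixes):
    """Minimal set of networks covering every posted prefix."""
    nets = [ipaddress.ip_network(p) for p, _ in prefixes]
    return list(ipaddress.collapse_addresses(nets))

def holder_of(ip, prefixes):
    """Most specific (network, holder) containing ip, or None."""
    best = None
    for p, holder in prefixes:
        net = ipaddress.ip_network(p)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, holder)
    return best

def flag_log(log_text, prefixes):
    """Return (ip, prefix, holder) for each log line whose source is listed."""
    hits = []
    for line in log_text.splitlines():
        try:
            ip = ipaddress.ip_address(line.split(" ", 1)[0])
        except ValueError:  # malformed or missing client field
            continue
        match = holder_of(ip, prefixes)
        if match:
            hits.append((str(ip), str(match[0]), match[1]))
    return hits

if __name__ == "__main__":
    print(collapse(POSTED), flag_log(SAMPLE_LOG, POSTED))
```

The /24 entries that sit inside a larger posted prefix drop out of the collapsed set, so the firewall needs fewer rules, while the per-line match still reports the most specific prefix for attribution.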



## Francisco (Nov 28, 2013)

There was a tweet where someone claimed their VPS is now crapping out input/output errors...

It was removed now but it might get ugly.

Francisco


----------



## Shados (Nov 28, 2013)

Francisco said:


> There was a tweet where someone claimed their VPS is now crapping out input/output errors...
> 
> 
> It was removed now but it might get ugly.
> ...


Heh, that's a pretty perfect indication that the disk or FS has fallen out from under it if they're getting it on random operations.


----------



## Francisco (Nov 28, 2013)

Shados said:


> Heh, that's a pretty perfect indication that the disk or FS has fallen out from under it if they're getting it on random operations.


Usually 

The owner posted on WHT that the issue was just their ENOM account getting exploited.

It's possible the I/O ticket was just the planets aligning but who knows.

Francisco


----------



## drmike (Nov 28, 2013)

vRozenSch00n said:


> @drmike Any comments or advice Doc?


Buy the database? 

http://www.spamhaus.org/sbl/listings/psychz.net

Looks like they have a good amount of bad behavior on their network. Not the first time I've tripped on them when doing research on bad actors.

Beyond that, not currently on my radar, so nothing really useful.


----------



## vRozenSch00n (Nov 28, 2013)

drmike said:


> Buy the database?
> 
> http://www.spamhaus.org/sbl/listings/psychz.net
> 
> ...


Thanks Doc. I always enjoy your research.


----------

