Saturday, March 1, 2014

Citadel / WSO Shell - hajimahmoud.com

hajimahmoud.com
91.223.82.145

http://hajimahmoud.com/arab/xxxx/sysfile.dat

It was listed as a Citadel C&C.

When I got there the Citadel was gone. 

Only thing left was a green WSO shell. 



Looking at the logs we have an IP:
41.138.182.252


It is amazing how many times this network shows up in bad places.

inetnum:        41.138.176.0 - 41.138.183.255
netname:        VISAFONE-LAGOS-PDSN1
descr:          Visafone Communications Limited,
descr:          12, Ologun Agbaje Street,
descr:          Victoria Island,
descr:          Lagos
country:        NG
[NG] Citadel Admin - 41.138.182.252


View Larger Map



I'm thinking about starting a KickStarter fundraiser to go over there and crack some skulls myself. 

No comments:

Post a Comment