Arturo 'Buanzo' Busleiman wrote:

> First post, hi everybody!
> 
> Dean De Beer wrote:
> > This site appears to be run by the authors to host their malware.
> [...]
> > hxxp://www.ahack.info
> 
> The IP for www.ahack.info is:
> 
> 203.202.239.59
> 
> According to a simple vhosts query tool I wrote, that IP also hosts these 
> sites:
> 
> robotraf.com (mentioned on a Slashdot story a couple days ago, about the
> business of malware)
> 
> Interesting, huh?

FWIW, the RUS-CERT Passive DNS replication tool says that that IP has 
"recently" been seen serving these domains:


And another passive DNS engine returns:


Regards,

Nick FitzGerald


_______________________________________________
botnets@, the public's dumping ground for maliciousness
All list and server information are public and available to law enforcement 
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
