On 2015-12-02 08:41, Ric Werme wrote:
> Oh how cute. After a break yesterday AM, the "assault" resumed. One new
> actor
> is from abuser.eu. My guess is that's an official site that is investigating
> the malware, as the registration info is impossibly brief:
>
> $ whois abuser.eu
>
>
afraid.org is a community-driven dynamic DNS provider.
You can donate domain names to it and they make subdomains of those domain
names available to everyone.
That said - it is certainly abused by bad guys, too.
-dan
On Wed, Dec 2, 2015 at 11:50 AM, Joshua Judson Rosen
Oh how cute. After a break yesterday AM, the "assault" resumed. One new actor
is from abuser.eu. My guess is that's an official site that is investigating
the malware, as the registration info is impossibly brief:
$ whois abuser.eu
Domain: abuser.eu
Registrant:
NOT DISCLOSED!
My web hit counter reported 56K references to miscellaneous pages.
Lots of references from poneytelecom.eu (and others), mostly to .asp
pages that don't exist, and a referrer string of 11m.php to both my domains
hosted at bizland.com, e.g.
08:22:23 ADMIN/cache.asp