More trojans on Inhoster
My previous post was only scratching the surface.
By checking for domains on IP numbers and then googling them, I found legion subdomains (almost all of them visibly spamvertized) on all domains on these IP numbers that had the banner URL that led to the Web Attacker code mentioned in my previous post:
And probably a lot more.
And I found a Norwegian pay-per-click search engine that had a Norwegian language page from one of the domains. Considering the spammers have possibly paid money for that placement, it’s a big vote AGAINST that SE: hent.no
More whois info:
uniq-soft.com (one of the cutouts) on 81.177.26.26
09/01/06 11:53:20 whois uniq-soft.com
Registrar Onlinenic
Registrant:
Fedorchenko-mladshiy fedir@ep.ua +7.4954950099
Fedorchenko-mladshiy
Lubyanka
Moscow,Moscow,RUSSIAN FEDERATION 100998
Domain Name:uniq-soft.com
Record last updated at 2006-08-09 19:46:23
Record created on 2006/8/9
Record expired on 2007/8/9
Domain servers in listed order:
ns1.game4all.biz ns2.game4all.biz
09/01/06 11:55:02 whois gruhit.com
Registration Service Provided By: ESTDOMAINS INC
Registrant:
WorlLTD
Orly (orly65@bk.ru)
Olimpiskay 20-65
Himki
Cy,654287
RU
Tel. +634.564342748
Creation Date: 21-Feb-2006
Expiration Date: 21-Feb-2007
Domain servers in listed order:
ns15.crybits.com
ns14.crybits.com
09/01/06 11:56:40 whois FREEFOK.COM
Registrant:
MainGlac
Lenin Ilich (estdomains@mail.ru)
krzsnay plochad - 1
Moskwa
Moskovskaya oblast,654198
RU
Tel. +095.65178922
Creation Date: 21-Feb-2006
Expiration Date: 21-Feb-2007
Domain servers in listed order:
ns15.crybits.com
ns14.crybits.com
Basically, they do a different whois for every other IP number, so this could go on forever.
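Added example, not part of the original post: the registrant details change from record to record, but fields such as name servers and creation date can still be compared across lookups. This sketch parses a lookup log in the two layouts quoted above and groups domains that share those fields; the function names parse_dump and shared are made up for the illustration.

```python
import re
from datetime import datetime

SAMPLE = """\
09/01/06 11:53:20 whois uniq-soft.com
Record created on 2006/8/9
Domain servers in listed order:
ns1.game4all.biz ns2.game4all.biz
09/01/06 11:55:02 whois gruhit.com
Creation Date: 21-Feb-2006
Domain servers in listed order:
ns15.crybits.com
ns14.crybits.com
09/01/06 11:56:40 whois FREEFOK.COM
Creation Date: 21-Feb-2006
Domain servers in listed order:
ns15.crybits.com
ns14.crybits.com
"""  # abridged from the lookups quoted in the post; registrant lines omitted
HEADER = re.compile(r"^\d\d/\d\d/\d\d \d\d:\d\d:\d\d whois (\S+)$")
HOST = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$", re.I)
DATE_FORMATS = (("Record created on ", "%Y/%m/%d"), ("Creation Date: ", "%d-%b-%Y"))

def parse_dump(text):
    """Split the lookup log into {domain: {"created": ISO date or None, "ns": frozenset}}."""
    records, current, in_ns = {}, None, False
    for line in map(str.strip, text.splitlines()):
        if (header := HEADER.match(line)):  # a new lookup starts; names are case-insensitive
            current = records.setdefault(header.group(1).lower(), {"created": None, "ns": frozenset()})
            in_ns = False
        elif current is None:  # ignore anything before the first lookup header
            continue
        elif line.lower().startswith("domain servers in listed order"):
            in_ns = True
        elif in_ns and line and all(HOST.match(h) for h in line.split()):
            current["ns"] |= {h.lower() for h in line.split()}  # one or several hosts per line
        else:
            in_ns = False  # first non-host line ends the name-server section
            for prefix, fmt in DATE_FORMATS:
                if line.startswith(prefix):
                    current["created"] = datetime.strptime(line[len(prefix):], fmt).date().isoformat()
    return records

def shared(records, field):
    """Return {value: [domains]} for values of `field` ("ns" or "created") seen on 2+ domains."""
    groups = {}
    for domain, rec in sorted(records.items()):
        groups.setdefault(rec[field], []).append(domain)
    return {k: v for k, v in groups.items() if k and len(v) > 1}
```

On the sample, shared(parse_dump(SAMPLE), "ns") and shared(parse_dump(SAMPLE), "created") both return a single group containing freefok.com and gruhit.com, even though their registrant blocks differ.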