Yesterday, I pointed out that anonleaks.pcriot.com had been deployed on IP address 69.175.6.102. During the night, anonleaks.pcriot.com was moved to 69.175.122.178. In addition, anonlinks.pcriot.com was deployed on 69.175.6.102.
69.175.122.178
anonleaks.pcriot.com

69.175.6.102
anonlinks.pcriot.com

In addition, anonleaks.ru has been set up within criminal hoster Webalta's IP space:

92.241.162.216
anonleaks.ru
hbgary.anonleaks.ru
internetfeds.mil.nf
irc.anonops.net
loic.anonops.in

Anonops has several familiar dedicated DDoS domains at 109.235.53.142:

dharma.anonops.ru
irc.anonops.net
irc.anonops.ru
loic.anonops.in
loic.anonops.net
loic.anonops.ru

Hijacked brands on 69.175.122.178 include Facebook, HSBC Finance, Nintendo, and Star Wars. In addition, the IP is cluttered with web spam junk domains.
According to clean-mx.de, there have been 29 separate instances of malware on 69.175.122.178 during the past 12 months (including pcriot.com): http://support.clean-mx.de/clean-mx/viruses.php?ip=69.175.122.178&sort=first%20desc. The host domain objects remain in play (they include various subdomains for pcriot.com, x10.bz, and x10.mx).
MalwareURL reports that Zeus and other keyloggers are currently active on the IP.
x10hosting.com is the bad hosting firm involved, and we will be taking a close look at their other operations.
James McQuaid
2-12-2011