[nsp-sec] identity theft c&c (AS 48841, 49017, 44050, 8492)
Tom Fischer
tfischer at bfk.de
Tue Jun 2 08:43:57 EDT 2009
Hi,
On Fri, May 29, 2009 at 11:59:43AM -0400, Tom Daly wrote:
> > please help to null route 94.232.248.61 which is used to distribute
> > identity theft malware and to command&control infected systems.
>
> EveryDNS provides DNS to the domain. David - can you help?
Anyone from EveryDNS available to nuke aboutmmgftf.com?
New malware reports:
http://www.threatexpert.com/report.aspx?md5=4da773bffc31d655e8a2c4ea7c1270af
http://www.threatexpert.com/report.aspx?md5=d51e4ada0e0371255f0ec0f6a6a640db
[...]
aboutmmgftf.com. 60 IN NS ns3.everydns.net.
aboutmmgftf.com. 60 IN NS ns2.everydns.net.
aboutmmgftf.com. 60 IN NS ns4.everydns.net.
aboutmmgftf.com. 60 IN NS ns1.everydns.net.
Domain Name: ABOUTMMGFTF.COM
Registrar: BIZCN.COM, INC.
Whois Server: whois.bizcn.com
Referral URL: http://www.bizcn.com
Name Server: NS1.EVERYDNS.NET
Name Server: NS2.EVERYDNS.NET
Status: clientDeleteProhibited
Status: clientTransferProhibited
Updated Date: 23-apr-2009
Creation Date: 23-apr-2009
Expiration Date: 23-apr-2010
Registrant Contact:
Hau Cheng
Hau Cheng haucheng at yahoo.com
0864588923 fax: 0864588923
No. 93 Tiananmen
Beijing Beijing 100041
cn
--
Tom Fischer