Blog for hpHosts, and whatever else I feel like writing about ....

Sunday 11 October 2009

spywaretimes.com

I was asked by a friend earlier, to look at spywaretimes.com, due to it's appearing either hacked, or sold. Sadly, from what I've found, it appears to have been sold to an entity involved in fake meds.

spywaretimes.com, for those unaware, is a former CoU sister site, and provided various anti-malware services (i.e. help with removal etc). What is surprising, is the Wayback Machine, shows the site vanished around May 2008 (it's obviously come back to life since then as someone would've noticed alot earlier if it hadn't).

spywaretimes.com is currently pointed to BlueHost (surprise surprise) IP, 70.40.198.39, and is peddling fake meds, so has been added to hpHosts (I wouldn't normally add a fake meds site, but given this sites previous content, felt it a necessary precaution). The site is currently registered to;

Registrant:

HR Inversiones harryrammail-domains@yahoo.com
Av. Tiradentes #10 M, Naco
Santo Domingo, Distrito Nacional 00000
Dominican Republic

Domain Name: SPYWARETIMES.COM
Created on: 29-Apr-05
Expires on: 29-Apr-10
Last Updated on: 28-Jun-09

Administrative Contact:
Inversiones, HR harryrammail-domains@yahoo.com
Av. Tiradentes #10 M, Naco
Santo Domingo, Distrito Nacional 00000
Dominican Republic
8298869091 Fax --

Technical Contact:
Inversiones, HR harryrammail-domains@yahoo.com
Av. Tiradentes #10 M, Naco
Santo Domingo, Distrito Nacional 00000
Dominican Republic
8298869091 Fax --

Domain servers in listed order:
NS1.BLUEHOST.COM
NS2.BLUEHOST.COM


The IP this domain is hosted on, also has several other domains with identical content;

fubarthebook.net
juneauunplugged.com
spywaretimes.com
unpolitics.org
where-can-i-shop-online.org
windows-hints.net

http://hosts-file.net/?s=70.40.198.39&view=matches

I've not looked at the entire /24 yet, but given it's BlueHost, wouldn't be surprised if there were more malicious domains present (hundreds of domains hosted there recently, have either been hacked (just like Lunarpages), or are/were owned, by malicious persons).

Hat tip to Tim for the heads up!.

3 comments:

Hardhead said...

Thanks Steven :-)

Regards,
Hardhead

MysteryFCM said...

Always a pleasure :o)

Hardhead said...

Steven I sent you the source code as directed and I get the same thing again.