spywaretimes.com, for those unaware, is a former CoU sister site that provided various anti-malware services (i.e. help with removal etc.). What is surprising is that the Wayback Machine shows the site vanished around May 2008 (it's obviously come back to life since then, as someone would've noticed a lot earlier if it hadn't).
spywaretimes.com is currently pointed to a BlueHost (surprise surprise) IP, 70.40.198.39, and is peddling fake meds, so it has been added to hpHosts (I wouldn't normally add a fake meds site, but given this site's previous content, I felt it a necessary precaution). The site is currently registered to:
Registrant:
HR Inversiones harryrammail-domains@yahoo.com
Av. Tiradentes #10 M, Naco
Santo Domingo, Distrito Nacional 00000
Dominican Republic
Domain Name: SPYWARETIMES.COM
Created on: 29-Apr-05
Expires on: 29-Apr-10
Last Updated on: 28-Jun-09
Administrative Contact:
Inversiones, HR harryrammail-domains@yahoo.com
Av. Tiradentes #10 M, Naco
Santo Domingo, Distrito Nacional 00000
Dominican Republic
8298869091 Fax --
Technical Contact:
Inversiones, HR harryrammail-domains@yahoo.com
Av. Tiradentes #10 M, Naco
Santo Domingo, Distrito Nacional 00000
Dominican Republic
8298869091 Fax --
Domain servers in listed order:
NS1.BLUEHOST.COM
NS2.BLUEHOST.COM
The IP this domain is hosted on also has several other domains with identical content:
fubarthebook.net
juneauunplugged.com
spywaretimes.com
unpolitics.org
where-can-i-shop-online.org
windows-hints.net
http://hosts-file.net/?s=70.40.198.39&view=matches
I've not looked at the entire /24 yet, but given it's BlueHost, I wouldn't be surprised if there were more malicious domains present (hundreds of domains hosted there recently have either been hacked (just like Lunarpages), or are/were owned by malicious persons).
Hat tip to Tim for the heads up!
3 comments:
Thanks Steven :-)
Regards,
Hardhead
Always a pleasure :o)
Steven I sent you the source code as directed and I get the same thing again.