Blog for hpHosts, and whatever else I feel like writing about ....

Thursday, 26 November 2009

MSN Phishing and Alliance and Leicester botnet

I wrote a while back (July, August and then again in September) about the Alliance and Leicester botnet that served to scam the unwitting out of their banking information. Then of course there was the MSN phishing from the Sun Network range, which later spilled onto a botnet when Jonathan and I kept getting them shut down.

Now it seems both the Alliance and Leicester and the MSN phishing scams could have been from the same source. Research, with the help of fellow researcher G7w (found on the Web of Trust forums), has shown that another fairly new domain involved in MSN phishing has ties both to a botnet and to the Alliance and Leicester botnet, courtesy of historical records from Robtex (here and here).

I'm still hunting out all of the IPs involved, but the domains referenced at Robtex, not all of which still resolve, are:


hpObserver results for those still resolving can be found at:

http://hosts-file.net/misc/hpObserver_results_-_MSN_AAL_Phish.html

The owner of hahahohoserver.com, "liu wenge" (Domain Tools shows this name to be associated with 191 domains), appears to have ties to fake meds, though it should of course be noted that this could simply be a common name in China. One thing that is clear is that the registrants of these phishing domains have ties to the Alliance and Leicester botnet, and as such a close watch is going to be required for anything new that pops up.

WhoIs details

Domain Name : woooh-i-got-your-pics.com
PunnyCode : woooh-i-got-your-pics.com
Creation Date : 2009-11-25 05:31:14
Updated Date : 2009-11-25 05:34:44
Expiration Date : 2010-11-25 05:31:12

Registrant:
Organization : Nou Rwg
Name : Nou Rwg
Address : BaoChun Rd. 675, No. 48, 1F, Apt. 0285
City : Bejing
Province/State : Beijing
Country : CN
Postal Code : 100176

Administrative Contact:
Name : Nou Rwg
Organization : Nou Rwg
Address : BaoChun Rd. 675, No. 48, 1F, Apt. 0285
City : Bejing
Province/State : Beijing
Country : CN
Postal Code : 100176
Phone Number : 010-010-10346283-10346283
Fax : 86-010-10346283-10346283
Email : 80difvf@126.com

Technical Contact:
Name : Nou Rwg
Organization : Nou Rwg
Address : BaoChun Rd. 675, No. 48, 1F, Apt. 0285
City : Bejing
Province/State : Beijing
Country : CN
Postal Code : 100176
Phone Number : 010-010-10346283-10346283
Fax : 86-010-10346283-10346283
Email : 80difvf@126.com

Billing Contact:
Name : Nou Rwg
Organization : Nou Rwg
Address : BaoChun Rd. 675, No. 48, 1F, Apt. 0285
City : Bejing
Province/State : Beijing
Country : CN
Postal Code : 100176
Phone Number : 010-010-10346283-10346283
Fax : 86-010-10346283-10346283
Email : 80difvf@126.com

**********************************************************

Domain Name : foolish-dns-net.com
PunnyCode : foolish-dns-net.com
Creation Date : 2009-10-21 16:44:37
Updated Date : 2009-11-12 21:55:33
Expiration Date : 2010-10-21 16:44:34

Registrant:
Organization : Pan Wei wei
Name : Pan Wei wei
Address : BaoChun Rd. 27, No. 3, 1F, Apt. 1903
City : Bejing
Province/State : Beijing
Country : CN
Postal Code : 100176

Administrative Contact:
Name : Pan Wei wei
Organization : Pan Wei wei
Address : BaoChun Rd. 27, No. 3, 1F, Apt. 1903
City : Bejing
Province/State : Beijing
Country : CN
Postal Code : 100176
Phone Number : 010-010-58022118-58022118
Fax : 86-010-58022118-58022118
Email : 127@126.com

Technical Contact:
Name : Pan Wei wei
Organization : Pan Wei wei
Address : BaoChun Rd. 27, No. 3, 1F, Apt. 1903
City : Bejing
Province/State : Beijing
Country : CN
Postal Code : 100176
Phone Number : 010-010-58022118-58022118
Fax : 86-010-58022118-58022118
Email : 127@126.com

Billing Contact:
Name : Pan Wei wei
Organization : Pan Wei wei
Address : BaoChun Rd. 27, No. 3, 1F, Apt. 1903
City : Bejing
Province/State : Beijing
Country : CN
Postal Code : 100176
Phone Number : 010-010-58022118-58022118
Fax : 86-010-58022118-58022118
Email : 127@126.com

**********************************************************

Domain Name : hahahohoserver.com
PunnyCode : hahahohoserver.com
Creation Date : 2009-11-19 04:01:34
Updated Date : 2009-11-21 03:03:49
Expiration Date : 2010-11-19 04:01:18

Registrant:
Organization : liu wenge
Name : liu wenge
Address : jiefanglu177hao
City : jingzhou
Province/State : jingzhou
Country : cn
Postal Code : 434000

Administrative Contact:
Name : liu wenge
Organization : liu wenge
Address : jiefanglu177hao
City : jingzhou
Province/State : jingzhou
Country : cn
Postal Code : 434000
Phone Number : 86-716-8657847
Fax : 86-716-8128558
Email : wang9619@126.com

Technical Contact:
Name : liu wenge
Organization : liu wenge
Address : jiefanglu177hao
City : jingzhou
Province/State : jingzhou
Country : cn
Postal Code : 434000
Phone Number : 86-716-8657847
Fax : 86-716-8128558
Email : wang9619@126.com

Billing Contact:
Name : liu wenge
Organization : liu wenge
Address : jiefanglu177hao
City : jingzhou
Province/State : jingzhou
Country : cn
Postal Code : 434000
Phone Number : 86-716-8657847
Fax : 86-716-8128558
Email : wang9619@126.com


There is of course one other domain involved here, the-jheenga-dns.com. This domain was created November 25th, and its WhoIs record is:

Domain Name : the-jheenga-dns.com
PunnyCode : the-jheenga-dns.com
Creation Date : 2009-11-25 05:32:15
Updated Date : 2009-11-25 05:32:15
Expiration Date : 2010-11-25 05:32:13

Registrant:
Organization : Yay Cfu
Name : Yay Cfu
Address : BaoChun Rd. 506, No. 85, 1F, Apt. 8327
City : Bejing
Province/State : Beijing
Country : CN
Postal Code : 100176

Administrative Contact:
Name : Yay Cfu
Organization : Yay Cfu
Address : BaoChun Rd. 506, No. 85, 1F, Apt. 8327
City : Bejing
Province/State : Beijing
Country : CN
Postal Code : 100176
Phone Number : 010-010-87990875-87990875
Fax : 86-010-87990875-87990875
Email : 99qmwsl@126.com

Technical Contact:
Name : Yay Cfu
Organization : Yay Cfu
Address : BaoChun Rd. 506, No. 85, 1F, Apt. 8327
City : Bejing
Province/State : Beijing
Country : CN
Postal Code : 100176
Phone Number : 010-010-87990875-87990875
Fax : 86-010-87990875-87990875
Email : 99qmwsl@126.com

Billing Contact:
Name : Yay Cfu
Organization : Yay Cfu
Address : BaoChun Rd. 506, No. 85, 1F, Apt. 8327
City : Bejing
Province/State : Beijing
Country : CN
Postal Code : 100176
Phone Number : 010-010-87990875-87990875
Fax : 86-010-87990875-87990875
Email : 99qmwsl@126.com
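
One way to make the registrant pivoting above repeatable, as an added example that is not hpHosts' code: a small Python parser for the "Key : Value" WhoIs format quoted here, clustering domains on shared postal code, shared mail provider, and creation times within minutes of each other (the two Beijing records were registered 61 seconds apart). The sample records are condensed from the WhoIs output on this page.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample: Registrant lines and admin e-mail condensed from this page's WhoIs records.
SAMPLE = """\
Domain Name : woooh-i-got-your-pics.com
Creation Date : 2009-11-25 05:31:14
Postal Code : 100176
Email : 80difvf@126.com
**********************************************************
Domain Name : the-jheenga-dns.com
Creation Date : 2009-11-25 05:32:15
Postal Code : 100176
Email : 99qmwsl@126.com
**********************************************************
Domain Name : hahahohoserver.com
Creation Date : 2009-11-19 04:01:34
Postal Code : 434000
Email : wang9619@126.com
"""

def parse_whois(text):
    """Parse 'Key : Value' records; a line of asterisks separates records,
    and the first occurrence of a key (the Registrant block) wins."""
    records, rec = [], {}
    for line in text.splitlines() + ["*"]:  # trailing sentinel flushes the last record
        if line.startswith("*"):
            if rec:
                records.append(rec)
            rec = {}
        elif " : " in line:
            key, value = line.split(" : ", 1)
            rec.setdefault(key.strip(), value.strip())
    return records

def pivots(records, window_s=600):
    """Map each registrant feature shared by two or more domains to the sorted
    domains showing it: postal code, e-mail provider, creation-time bursts."""
    index = defaultdict(set)
    for r in records:
        d = r["Domain Name"]
        index["postal:" + r.get("Postal Code", "")].add(d)
        index["mailhost:" + r.get("Email", "").rpartition("@")[2]].add(d)
    dated = sorted((datetime.strptime(r["Creation Date"], "%Y-%m-%d %H:%M:%S"),
                    r["Domain Name"]) for r in records if "Creation Date" in r)
    for i, (t_a, d_a) in enumerate(dated):
        for t_b, d_b in dated[i + 1:]:
            if (t_b - t_a).total_seconds() <= window_s:  # registered in one sitting
                index["burst:%s" % t_a].update((d_a, d_b))
    return {k: sorted(v) for k, v in index.items() if len(v) > 1}
```

Features seen on only one domain are dropped, so the output is just the links worth a second look; widen or narrow `window_s` to suit the registrar's timestamp granularity.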
