Blog for hpHosts, and whatever else I feel like writing about ....

Tuesday 12 July 2011

Part 6: Interserver, malware, and the Scottish weather

I've not worked out their obsession with HostNOC yet, but so far, the only two hosting companies they're flitting between are HostNOC and CoolVDS (AS50669, well known to be criminal friendly), where until a few hours ago they had been housed at 193.105.171.226 since their last stint on HostNOC (184.22.253.11), which lasted until July 7th.

You'll no doubt not be surprised to hear that, other than their flitting between the two hosts, nothing has changed. The infection is still the same, and the registrars being used are still the same:

DomainContext
UK2 Group
DirectI
Transecute (DirectI reseller)
NetEarth One Inc

As of a few minutes ago, they're back to HostNOC/Burst yet again, using 184.22.224.141. I notified DirectI of the domain being used (funeralkimm.in) and they suspended it whilst I was writing this.

I'll be continuing to monitor these and update with new details as I find them.

References

Part 5a: Interserver, malware, and the Scottish weather
http://hphosts.blogspot.com/2011/06/part-5-interserver-malware-and-scottish_28.html

Part 5: Interserver, malware, and the Scottish weather
http://hphosts.blogspot.com/2011/06/part-5-interserver-malware-and-scottish.html

Part 4: Interserver, malware, and the Scottish weather
http://hphosts.blogspot.com/2011/06/part-4-interserver-malware-and-scottish.html

Part 3: Interserver, malware, and the Scottish weather
http://hphosts.blogspot.com/2011/06/part-3-interserver-malware-and-scottish.html

Part 2: Interserver, malware, and the Scottish weather
http://hphosts.blogspot.com/2011/06/part-2-interserver-malware-and-scottish.html

Interserver, malware, and the Scottish weather
http://hphosts.blogspot.com/2011/06/interserver-malware-and-scottish.html
