These domains seem to be active today, new ones in bold.
- po4c.ru
One oddity: the URL zvz.cc/forums/8L0/join.upq has been spotted as a redirector for these JavaScript exploits. Google lists zvz.cc as a malware-infected site, but it is hard to tell whether this is just another victim or part of the C&C for the botnet. For the record, these are the WHOIS details, though they might not mean very much.
Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217
Website: http://www.estdomains.com
Domain Name: ZVZ.CC
Registrant:
Himpet .Inc
Evgenij Novoberkov (zvz@tut.by)
Stahanov.St 120
Minsk
Missouri,222120
US
Tel. +022.2720771
Creation Date: 09-Apr-2008
Expiration Date: 09-Apr-2009
Domain servers in listed order:
ns2.zvz.cc
ns1.zvz.cc
Administrative Contact:
Himpet .Inc
Evgenij Novoberkov (zvz@tut.by)
Stahanov.St 120
Minsk
Missouri,222120
US
Tel. +022.2720771
Technical Contact:
Himpet .Inc
Evgenij Novoberkov (zvz@tut.by)
Stahanov.St 120
Minsk
Missouri,222120
US
Tel. +022.2720771
Billing Contact:
Himpet .Inc
Evgenij Novoberkov (zvz@tut.by)
Stahanov.St 120
Minsk
Missouri,222120
US
Tel. +022.2720771
Status:ACTIVE