bobbear
Posted April 6, 2007

The domain in question is ourhosting.cn

Who is the sponsoring registrar? The whois data from a variety of tools returns a series of question marks for the sponsoring registrar (even CNNIC - which incidentally seems to be having whois access problems ATM). This obfuscation may well be intentional as the domain is being used in conjunction with criminal fraud.

On another tack, for all botnet aficionados, here is an interesting variation on a theme that I'm getting at the moment from the United Cargo Solutions money laundering criminal:

http://www.dnsstuff.com/tools/traversal.ch...info&type=A

On the face of it, the crook seems to be using a 'pseudo-botnet' arrangement with a selection of Yahoo! Geocities IPs from 184.108.40.206 to 220.127.116.11 inclusive to host the site on a fast DNS rotation controlled by two Yahoo nameservers, but I'm not 100% convinced that the data is telling the whole truth, so any opinions valued from DNS experts...

As per usual it's proving difficult to convince the Yahoo! abuse teams of the apparent situation although every IP in the data is reportable to them...