Spamhaus under DDOS from AnonOps (Wikileaks.info)
lists at foks.se
Sun Dec 19 15:19:31 CST 2010
On 12/19/2010 08:33 PM, Ned Moran wrote:
> additional evidence
> On Sun, Dec 19, 2010 at 2:25 PM, Rich Kulawiec <rsk at gsp.org> wrote:
>> On Sun, Dec 19, 2010 at 12:46:33PM -0600, Frank Bulk - iName.com wrote:
>>> While I tend to trust Steve and Spamhaus because of their built up
>>> reputation, it would be helpful if some concrete facts were published
>>> the "more than 40 criminal-run sites operating on the same IP address as
>>> wikileaks.info, including carder-elite.biz, h4ck3rz.biz, elite-crew.net,
>>> bank phishes paypal-securitycenter.com and postbank-kontodirekt.com."
>> I found this:
>> (as well as the SBL records those reference) quite interesting.
The evidence is for Webalta, which hosts Heihachi (which hosts
wikileaks.info). I spent some minutes checking Heihachis IP block
188.8.131.52 – 184.108.40.206.
I found 255 .com/.net domains which use this IP block and Heihachis DNS
servers. Google reports that none of them is used to serve malware. Two
of them, dhl24-servicecenter.com and pixel-banner.com, are reported as
phishing sites. Both are down at the moment.
4 addresses on this IP block, all seems to be up.
reports 3 addresses on underground-infosource.info. This site is not
online at the moment.
If Heihachi hasn't cleaned up very good the last days I would say that
they behave much better than Webaltas customers in general.
More information about the NANOG