After a brief return to life using Impulso‘s DNS services, our bad guys (80.91.176.192) switched to a different provider: publicvm.com
However, at the time of writing this post, I got a 404 page when redirected from ‘redspacetube.com‘.
There’s nothing like a good game of cat and mouse 
In the meantime, let’s have a look at the good folks from publicvm.com:
Registrant:
Lisa Zheng
[email protected]
ND
988 Eight Mile Rd
Cincinnati OH, 45255
+1.8595728480
CA
Registrar: NetDorm, Inc
“Free Dynamic DNS services to allow running websites on home PC at dnsExit.com”
dnsExit is a Subsidiary of NetDorm, Inc :
Registrant
Jack Chen
7721 Five Mile Road, Suite 147
Cincinnati Ohio, 45255
+1.8597608480
US
NetDorm is “ICANN ACCREDITED”:
As I am nearing the end of this post, I did a quick check again and all of the sudden the pages are back online! Sigh..
The latest link is: jirenebusirik.linkpc.net/anal.html
ICANN Registrar:NETDORM, INC. DBA DNSEXIT.COM
The Trojan that gets downloaded is poorly detected by Anti-Virus products (only 2 out of 43 on VirusTotal; link here).
A ticket has been filed with dnsExit’s support. Can someone please do something??
Jerome Segura
Leave a reply
