What We Know of Our Botnet Master

Search Results for 209.8.25.156 [no reverse DNS set]

We know our botnet master uses the domains below as part of Ddos attacks.

4 Results for 209.8.25.156 (Umaxsearch.com)

Website DMOZ Wikipedia Yahoo

1. Lookuplive.com
2. Searchmeup.com
3. Topsearch10.com
4. Umaxsearch.com

WhoIs Lookup performed by Karen’s WhoIs
http://www.karenware.com/

Whois Server Version 1.3

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

Domain Name: UMAXSEARCH.COM
Registrar: ONLINENIC, INC.
Whois Server: whois.35.com
Referral URL: http://www.OnlineNIC.com
Name Server: NS1.UMAXSEARCH.COM
Name Server: NS2.UMAXSEARCH.COM
Status: clientTransferProhibited
Status: clientDeleteProhibited
Updated Date: 09-apr-2007
Creation Date: 11-sep-2003
Expiration Date: 11-sep-2008

Last update of whois database: Sun, 28 Oct 2007 09:28:15 UTC <<<

Registrant:
Leos Rousek wello@mail.ru +4.20721121332
Leos Rousek
Na Prikope 858/20
Praha 1,Praha,CZ 113 80

Domain Name:umaxsearch.com
Record last updated at 2007-04-09 03:22:19
Record created on 2003/9/11
Record expired on 2008/9/11

http://www.siteadvisor.com/sites/206.161.121.115/summary

What is Search-Space.com?
Search-Space.com and Start-Space.com are website search engines organized into a wide variety of categories and groups. They link to another search engine called Umaxsearch.com. Both Search-Space.com and Start-Space.com are both owed by a company called Web Interactive based in Russia. They take over as your start page or default search engine in Internet Explorer. Both appear to be a variant of the CoolWebSearch homepage hijacker as well.

Both pages redirect to the IP address http://69.31.80.210 which is the Umaxsearch.com page, but they use variables in the search string to display different results page with pay per click search engine results.
http://www.pchell.com/support/searchspace.shtml

206.161.121.115

Coolwebsearch.com Terminated Affiliates List

Date: 17 September 2006
Source:
http://www.coolwebsearch.com/hijacking.html
2005-05-19: UPDATE

008i.com
0ml.net
103.nowfind.biz
195.225.176.14
24-7-search.com
69.50.164.196
69.50.164.197
911-search.info
all-find.net
all-find.org
allneedsearch.com
allstarsearch.net
allwebseek.com
azesearch.com
b0o.net
best-search.info
bestsearch.name
big-search.biz
blastsearch.net
boredlife.com
cameup.com
cannotfind.net
coopto.directwebsearch.net
count.cc
daily-search.com
datasearch.info
find777.com
find-everything.com
find-more.net
find-online.net
find-on-the-net.com
findpalm.biz
findpollen.net
gigasearch.biz
heretofind.com
hot-search.biz
infoglobus.com
instafinder.com
iwantsearch.com
judin.ru
kita-search.com
kliksearch.com
likesurfing.com
line-plus.com
list2004.com
magicsearch.us
makemesearch.com
martfinder.com
myhandysearch.com
ne-ebu.com
new-search.info
ntsearch.com
online-service.cc
oz.msie.tv
perfect-search.net
petardas.com
placeforsearch.com
power-search.info
ravesearch.net
richfind.com
rootsearch.biz
runsearch.com
search.xrenoder.com
search-1.net
search4fun.net
search-777.com
search-all-fast.com
searchcentral.cc
searchcomplete.com
search-control.com
searchdesire.com
searchforfree.info
searchinwww.cc
search-it-now.net
searchmeup.com
search-paga.com
searchpage.cc
searchterror.com
search-to-find.com
search-town.net
searchweb2.com
searchx.cc
searchxp.com
speed-search.biz
supacoopa.directwebsearch.net
swift-look.com
targetclicks.net
teen-biz.com
thenewsearch.com
top-search.us
try-this-search.biz
umaxsearch.com
v73.us
viewpornkey.com
vip-search.biz
web.all-find.org
weba.directwebsearch.net
web-searcher.info
worldnetsearch.org
wow-access.com
http://www.search-motor.com
http://www.zapros.com
xyesearch.com
xysearch.biz
yellow-pages.ws
your-search.info
yoursearch.ws
yoursearch247.com
your-searcher.com
yupsearch.com
zetta-search.com

May also be associated with the following domains:
123find.org
123find.com
http://www.ggfind.info/search.php?q=scamfraudalert&btnG2=Search

80.82.139.133
87.118.70.2

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s