I'm seeing persistent FTP attempts from an IP (217.8.137.183) that resolves to: exploit.rootwhores.org Anyone know what's going on with this domain? Is this a blackhat with no stealth instinct, or a completely compromised (including DNS) good guy? Attached is whois info. John Rodley ---------------------------------------------------------------------------- You agree that you will not reproduce, sell, transfer, or modify any of the data presented in response to your search request, or use of any such data for commercial purpose, without the prior express written permission of Domaininfo AB - domaininfo.com Register your name in 200+ top level domains at http://www.domaininfo.com domaininfo.com ---------------------------------------------------------------------------- Registrar:domaininfo.com Domain Name: rootwhores.org [Owner of domain] iTnetworks Dronnings gt. 15 Larvik, 3260 NO [Administrative contact] Samuelsen, Benny Visual Web Norge DA Hans Kiærsgate 6 3041 Drammen NO Email: hostmaster@visual-web.no Phone: 47 32 260200 Fax: 47 32 811355 [Technical contact] Samuelsen, Benny Visual Web Norge DA Hans Kiærsgate 6 3041 Drammen NO Email: hostmaster@visual-web.no Phone: 47 32 260200 Fax: 47 32 811355 [Zone contact] Samuelsen, Benny Visual Web Norge DA Hans Kiærsgate 6 3041 Drammen NO Email: hostmaster@visual-web.no Phone: 47 32 260200 Fax: 47 32 811355 Record created: 18 Dec 2001 Record last changed: 18 Dec 2001 Domain expires: 18 Dec 2003 Primary name server: ns1.nameserveren.com (195.159.151.21) Secondary name server: ns2.nameserveren.com (195.159.151.12) The previous information has been obtained either directly from the registrant or a registrar of the domain name other than Network Solutions. Network Solutions, therefore, does not guarantee its accuracy or completeness. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Mar 14 2002 - 08:49:48 PST