WikiLeaks in a Dark Internet Neighborhood | Malware Blog

May 2013
S	M	T	W	T	F	S
« Apr
	1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

Dec12

WikiLeaks in a Dangerous Internet Neighborhood

6:36 pm (UTC-7) | by Feike Hacquebord (Senior Threat Researcher)

The WikiLeaks main domain, Wikileaks.org, currently redirects to mirror.wikileaks.info. The latter site is hosted on IP address 92.241.190.202 registered to Heihachi Ltd. Heihachi Ltd. is known as a bulletproof, blackhat-hosting provider in Russia that is a safe haven for criminals and fraudsters. It hosts a long list of criminally related domains. Among these domains are banking fraud domains, carders’ (criminals who trade stolen credit card information) websites, malware sites, and phishing sites. No matter what your political view is, this is rather disturbing.

We at Trend Micro are committed to protecting our customers against threats on the Internet. The Trend Micro™ Smart Protection Network™ automatically assigns a very low reputation score to domain name wikileaks.info not because of political controversy but because of actual facts about the bad neighborhood where this domain name is hosted. To give you an idea, here are some illustrious neighbors: paypal-securitycenter.com, carders.kz, idchecking.ir (phishing), and postbank-sicherung.com.

We don’t know whether wikileaks.org has perhaps been compromised or whether WikiLeaks is knowingly getting services from a blackhat provider. Either way, we assess the wikileaks.info domain as highly risky and we do not recommend visiting this site as long as it is hosted by Heihachi Ltd.

Share this article

This entry was posted on Sunday, December 12th, 2010 at 6:36 pm and is filed under Bad Sites . Both comments and pings are currently closed.

Pingback: DDOS from AnonOps (Wikileaks.info) Up in Ya Granny Panties | P O D 3 1 3 Tech Tips
William

Actually the site contains a mirror of the "old" WikiLeaks page, containing all the leaks prior to the War Diaries and Cablegate releases.
Pingback: Wikileaks Mirror Accused In DoS Attack | NW0.eu
Pingback: WikiLeaks in a Dangerous Internet Neighborhood | Threat Trend Security News
Pingback: Wikileaks Mirror Accused In DoS Attack
Pingback: Wikileaks Mirror Accused In DoS Attack | ClipsNewsNetwork
ac

There is a Posting here from Wikileaks.info, These people are not Wikileaks, they are not from the official wikileaks organization. These turds just put wikileaks into their domain name to steal traffic and attempt to damage/infect others computers.

trendmicros article is not entirely clear on this – they fall for the same confusion of believing anything with the word wikileaks must be official.
Meats

You do realise that wikileaks.info isn't the real wikileaks don't you? Heihachi is perpetrating a bit of trademark fraud and have managed to convince anonymous to packet spamhaus…
Pingback: NANO ZEN » Spamhaus under DDOS from AnonOps (Wikileaks.info)
Wikisupporter

# Luis Magisa Says:
December 12th, 2010 at 8:35 pm

That sounds like a really bad neighborhood.

Sounds like a secure neighbourhood to me!

Whilst the powers that be in the USA choose to disregard the First Amendment to the United States Constitution namely:

infringing on the freedom of speech and infringing on the freedom of the press, what choice do Wikileaks have?
Pingback: WikiLeaks: Anonymous takes down Swedish prosecution website | The Guardian Reader
http://www.intern.de Wolfgang Bleh

the neighborhood may be dangerous, but the owner of wikileaks.info decided to change to a russian provider, after someone directed wikileaks.org to wikileaks.info and lots of traffic jammed the server. I wrote about this on monday http://www.intern.de/internet-news/8638-domain-wikileaksorg-taucht-wieder-auf.html because it's somehow mysterious who's in control of wikileaks.org. I presume it is someone who does not like the newer developments at Wikileaks because wikileaks.info mirrors the older wikileaks documents in the first place. There is a list of mirrors to cablegate mirrors. But the person who owns the domain thought there were cablecate mirrors enough. cheers Wolfgang
http://wikileaks.info wikileaks.info

It's very unfortunate that Trend labels us as unsafe site. We had to choose an bullet proof hoster so we can't be shut down easily.

We are monitoring our website closely and we can guarantee that there is no malware on it.

Judging a web site just by it's IP neighborhood is very convenient for you, but doesn't show any responsibility from your side.

We promise that wikileaks will stay clean, no matter what any self-promoted internet police labels us.

Wikileaks.info team
Davver

http://www.wikileaks.ch/ is the official site atm, from what little I know. host -v -t any wikileaks.ch didn't reveal IP in range of those in article (piratenpartei.ch are the folks organising it at the moment).
Thanks for the warning about .org though!
Dean Procter

So why not offer them a safe site?
Surely the millions of people visiting this site would look upon your company favourably, perhaps an ad placement?
#anonops #cablegate #wikileaks #

I think the other neighborhoods kicked them out. They had there site attacked and pulled in us and other countries. Mirrors were urged to keep the information available, they are being denied business with the common large, well known, providers, of banking, servers/hosts, etc. They are trying to keep the site up and continously release information. Regular wikileaks is constantly being pulled, coming back with new urls, and now when u google wikileaks u just it spring up as a random ip address. If you google it youll get the latest one usually.
Pingback: WikiLeaks in a Dark Internet Neighborhood | Malware Blog | Trend Micro | Jared Rimer's Technology blog and podcast
Pingback: WikiLeaks In A Dangerous Internet Neighborhood
Luis Magisa

That sounds like a really bad neighborhood.

TrendLabs Malware Blog

Trend Micro

Targeted Attacks

Mobile

Recent Posts

Calendar