Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    The WikiLeaks main domain,, currently redirects to The latter site is hosted on IP address registered to Heihachi Ltd. Heihachi Ltd. is known as a bulletproof, blackhat-hosting provider in Russia that is a safe haven for criminals and fraudsters. It hosts a long list of criminally related domains. Among these domains are banking fraud domains, carders’ (criminals who trade stolen credit card information) websites, malware sites, and phishing sites. No matter what your political view is, this is rather disturbing.

    We at Trend Micro are committed to protecting our customers against threats on the Internet. The Trend Micro™ Smart Protection Network™ automatically assigns a very low reputation score to domain name not because of political controversy but because of actual facts about the bad neighborhood where this domain name is hosted. To give you an idea, here are some illustrious neighbors:,, (phishing), and

    We don’t know whether has perhaps been compromised or whether WikiLeaks is knowingly getting services from a blackhat provider. Either way, we assess the domain as highly risky and we do not recommend visiting this site as long as it is hosted by Heihachi Ltd.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon

    • Pingback: DDOS from AnonOps ( Up in Ya Granny Panties | P O D 3 1 3 Tech Tips()

    • William

      Actually the site contains a mirror of the "old" WikiLeaks page, containing all the leaks prior to the War Diaries and Cablegate releases.

    • Pingback: Wikileaks Mirror Accused In DoS Attack |

    • Pingback: WikiLeaks in a Dangerous Internet Neighborhood | Threat Trend Security News()

    • Pingback: Wikileaks Mirror Accused In DoS Attack()

    • Pingback: Wikileaks Mirror Accused In DoS Attack | ClipsNewsNetwork()

    • ac

      There is a Posting here from, These people are not Wikileaks, they are not from the official wikileaks organization. These turds just put wikileaks into their domain name to steal traffic and attempt to damage/infect others computers.

      trendmicros article is not entirely clear on this – they fall for the same confusion of believing anything with the word wikileaks must be official.

    • Meats

      You do realise that isn't the real wikileaks don't you? Heihachi is perpetrating a bit of trademark fraud and have managed to convince anonymous to packet spamhaus…

    • Pingback: NANO ZEN » Spamhaus under DDOS from AnonOps (

    • Wikisupporter

      # Luis Magisa Says:
      December 12th, 2010 at 8:35 pm

      That sounds like a really bad neighborhood.

      Sounds like a secure neighbourhood to me!

      Whilst the powers that be in the USA choose to disregard the First Amendment to the United States Constitution namely:

      infringing on the freedom of speech and infringing on the freedom of the press, what choice do Wikileaks have?

    • Pingback: WikiLeaks: Anonymous takes down Swedish prosecution website | The Guardian Reader()

    • Wolfgang Bleh

      the neighborhood may be dangerous, but the owner of decided to change to a russian provider, after someone directed to and lots of traffic jammed the server. I wrote about this on monday because it's somehow mysterious who's in control of I presume it is someone who does not like the newer developments at Wikileaks because mirrors the older wikileaks documents in the first place. There is a list of mirrors to cablegate mirrors. But the person who owns the domain thought there were cablecate mirrors enough. cheers Wolfgang


      It's very unfortunate that Trend labels us as unsafe site. We had to choose an bullet proof hoster so we can't be shut down easily.

      We are monitoring our website closely and we can guarantee that there is no malware on it.

      Judging a web site just by it's IP neighborhood is very convenient for you, but doesn't show any responsibility from your side.

      We promise that wikileaks will stay clean, no matter what any self-promoted internet police labels us. team

    • Davver is the official site atm, from what little I know. host -v -t any didn't reveal IP in range of those in article ( are the folks organising it at the moment).
      Thanks for the warning about .org though!

    • Dean Procter

      So why not offer them a safe site?
      Surely the millions of people visiting this site would look upon your company favourably, perhaps an ad placement?

    • #anonops #cablegate #wikileaks #

      I think the other neighborhoods kicked them out. They had there site attacked and pulled in us and other countries. Mirrors were urged to keep the information available, they are being denied business with the common large, well known, providers, of banking, servers/hosts, etc. They are trying to keep the site up and continously release information. Regular wikileaks is constantly being pulled, coming back with new urls, and now when u google wikileaks u just it spring up as a random ip address. If you google it youll get the latest one usually.

    • Pingback: WikiLeaks in a Dark Internet Neighborhood | Malware Blog | Trend Micro | Jared Rimer's Technology blog and podcast()

    • Pingback: WikiLeaks In A Dangerous Internet Neighborhood()

    • Luis Magisa

      That sounds like a really bad neighborhood.


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice