[Dshield] new Agobot infection here?

Richard Roy Rich.Roy at justicetrax.com
Thu Mar 4 19:27:28 GMT 2004

According to DNSstuff.com and Arin.net it is some colocation company
hosting porn.  Most definitely a browser hijack by malware to get
traffic to the porn site.

www.ipiku.com. CNAME IN 38400 ipiku.com. ipiku.com. NS IN 38400
ns1.teen4ever.net. ipiku.com. NS IN 38400 ns2.teen4ever.net.
ns1.teen4ever.net. A IN 38400 ns2.teen4ever.net. A IN

Search results for: 

OrgName:    United Colocation Group, Inc.
OrgID:      UCG-14
Address:    200 Paul Ave., Suite 500
City:       San Francisco
StateProv:  CA
PostalCode: 94124
Country:    US

NetRange: -
NetName:    ASN-UNCGI-EXC-02
NetHandle:  NET-63-246-128-0-1
Parent:     NET-63-0-0-0-0
NetType:    Direct Allocation
RegDate:    2002-10-24
Updated:    2003-03-24

NOCName:   Info
NOCPhone:  +1-888-993-9339
NOCEmail:  info at unitedcolo.com

AbuseHandle: ABUSE185-ARIN
AbuseName:   Abuse
AbusePhone:  +1-888-993-9339
AbuseEmail:  abuse at unitedcolo.com

TechHandle: SYSAD4-ARIN
TechName:   Sysadmin-UCG
TechPhone:  +1-888-993-9339
TechEmail:  sysadmin at unitedcolo.com

OrgTechHandle: ZS203-ARIN
OrgTechName:   Sago Networks
OrgTechPhone:  +1-866-510-4000
OrgTechEmail:  ipadmin at sagonet.com

# ARIN WHOIS database, last updated 2004-03-03 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On
Behalf Of Kenneth Coney
Sent: Thursday, March 04, 2004 12:03 PM
To: list at dshield.org
Subject: Re: [Dshield] new Agobot infection here?

Well the site is certainly infected with Trojan.ByteVerify.  Probably
stuff too.  In any case  since it has photos of children performing sex 
acts it's owners need to be tracked down and publicly executed.

list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:

More information about the list mailing list