Apr 29, 2011

freaktorrents.info - 1

Recently I came across the website http://freaktorrents.info/, which distributes malware. The domain is supposedly registered to Jake Ferrer with the e-mail anallima2000@yahoo.com.

The malicious URL http://freaktorrents.info/unlock/ resolves to 182.50.148.1, an IP address in Singapore hosted through GoDaddy Singapore.

To be continued...

In the meantime, here are the Express results from my favorite lookup tool, http://network-tools.com/


IP address: 182.50.148.1
Host name: freaktorrents.info

Alias:
freaktorrents.info
182.50.148.1 is from Singapore(SG) in region Southern and Eastern Asia


TraceRoute to 182.50.148.1 [freaktorrents.info]

Hop RTT1 (ms) RTT2 (ms) RTT3 (ms) IP Address Host name
1 1 Timed out 0 206.123.64.150 xe-4-1-0.jbdr2.dallas.colo4.com
2 0 0 0 64.124.196.225 xe-4-2-0.er2.dfw2.us.above.net
3 2 0 0 4.69.151.158 ae-83-83.ebr3.dallas1.level3.net
4 32 13 33 4.69.132.77 ae-3-3.ebr2.losangeles1.level3.net
5 32 32 Timed out 4.69.137.30 ae-92-92.csw4.losangeles1.level3.net
6 32 32 32 4.69.144.201 ae-4-90.edge3.losangeles1.level3.net
7 43 43 43 4.78.195.202 singapore-t.edge3.losangeles1.level3.net
8 43 226 43 203.208.149.118 ge-1-0-0-0.laxow-cr2.ix.singtel.com
9 216 43 43 203.208.183.146 xe-1-0-0-0.laxow-cr2.ix.singtel.com
10 214 216 214 203.208.152.226 -
11 231 216 227 203.208.183.153 xe-0-0-0-0.laxow-cr2.ix.singtel.com
12 224 211 220 182.50.156.165 ip-182-50-156-165.ip.secureserver.net
13 224 216 206 182.50.156.89 ip-182-50-156-89.ip.secureserver.net
14 216 221 221 182.50.148.1 sg2nlhg112c1112.shr.prod.sin2.secureserver.net

Trace complete


Retrieving DNS records for freaktorrents.info...

DNS servers
ns02.domaincontrol.com
ns01.domaincontrol.com

Answer records
freaktorrents.info SOA
server: ns01.domaincontrol.com
email: dns[at]jomax.net
serial: 2011012000
refresh: 28800
retry: 7200
expire: 604800
minimum ttl: 86400
86400s
freaktorrents.info MX
preference: 0
exchange: smtp.secureserver.net
3600s
freaktorrents.info A 182.50.148.1 3600s
freaktorrents.info NS ns01.domaincontrol.com 3600s
freaktorrents.info NS ns02.domaincontrol.com 3600s
freaktorrents.info MX
preference: 10
exchange: mailstore1.secureserver.net
3600s

Authority records

Additional records


Whois query for freaktorrents.info...

Results returned from whois.afilias.info:

Domain ID:D28151764-LRMS
Domain Name:FREAKTORRENTS.INFO
Created On:27-Mar-2009 06:13:21 UTC
Last Updated On:29-Mar-2011 00:47:14 UTC
Expiration Date:27-Mar-2012 06:13:21 UTC
Sponsoring Registrar:eNom, Inc. (R126-LRMS)
Status:CLIENT TRANSFER PROHIBITED
Registrant ID:abcadcc326022240
Registrant Name:Jake Ferrer
Registrant Organization:Jake
Registrant Street1:NA
Registrant Street2:
Registrant Street3:
Registrant City:NA
Registrant State/Province:S
Registrant Postal Code:8000
Registrant Country:PH
Registrant Phone:+63.9266779680
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:anallima2000@yahoo.com
Admin ID:25a7bbef193ae920
Admin Name:Ferrer
Admin Organization:Jake
Admin Street1:NA
Admin Street2:
Admin Street3:
Admin City:NA
Admin State/Province:S
Admin Postal Code:8000
Admin Country:PH
Admin Phone:+63.9266779680
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:anallima2000@yahoo.com
Billing ID:25a7bbef193ae920
Billing Name:Ferrer
Billing Organization:Jake
Billing Street1:NA
Billing Street2:
Billing Street3:
Billing City:NA
Billing State/Province:S
Billing Postal Code:8000
Billing Country:PH
Billing Phone:+63.9266779680
Billing Phone Ext.:
Billing FAX:
Billing FAX Ext.:
Billing Email:anallima2000@yahoo.com
Tech ID:abcadcc326022240
Tech Name:Jake Ferrer
Tech Organization:Jake
Tech Street1:NA
Tech Street2:
Tech Street3:
Tech City:NA
Tech State/Province:S
Tech Postal Code:8000
Tech Country:PH
Tech Phone:+63.9266779680
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:anallima2000@yahoo.com
Name Server:NS01.DOMAINCONTROL.COM
Name Server:NS02.DOMAINCONTROL.COM


Network IP address lookup:


Whois query for 182.50.148.1...

Results returned from whois.arin.net:

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=182.50.148.1?showDetails=true&showARIN=false
#

NetRange: 182.0.0.0 - 182.255.255.255
CIDR: 182.0.0.0/8
OriginAS:
NetName: APNIC-182
NetHandle: NET-182-0-0-0-0
Parent:
NetType: Allocated to APNIC
RegDate: 2009-08-03
Updated: 2010-07-30
Ref: http://whois.arin.net/rest/net/NET-182-0-0-0-0

OrgName: Asia Pacific Network Information Centre
OrgId: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU
RegDate:
Updated: 2004-03-01
Ref: http://whois.arin.net/rest/org/APNIC

ReferralServer: whois://whois.apnic.net

OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3188
OrgTechEmail: search-apnic-not-arin[at]apnic.net
OrgTechRef: http://whois.arin.net/rest/poc/AWC12-ARIN


Results returned from whois.apnic.net:

% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 182.50.128.0 - 182.50.159.255
netname: GODADDY-NET-SG
descr: 8 Cross Street
descr: #11-00 PWC Building
country: SG
admin-c: GNA32-AP
tech-c: GNA32-AP
status: ALLOCATED PORTABLE
mnt-by: APNIC-HM
mnt-lower: MAINT-GODADDY-NET-SG
mnt-routes: MAINT-GODADDY-NET-SG
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: hm-changed[at]apnic.net 20100226
source: APNIC

role: GODADDYCOM - network administrator
address: 8 Cross Street, #11-00 PWC Building
country: SG
phone: +011-1-480-505-8877
e-mail: gschwimer[at]godaddy.com
admin-c: GNA32-AP
tech-c: GNA32-AP
nic-hdl: GNA32-AP
mnt-by: MAINT-GODADDY-NET-SG
changed: hm-changed[at]apnic.net 20100226
source: APNIC
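As an added example (not part of the original post and not code from network-tools.com), the following Python script parses the APNIC inetnum record and the registrar WHOIS record shown above and produces the pivot points a defender would record for this case: whether the A-record IP actually falls inside the GoDaddy Singapore allocation, the contact e-mail shared across the registrant, admin, billing and tech roles, and the name servers. The record text embedded in the script is copied from the output above; the function names and the dictionary layout are my own.

```python
import ipaddress

# Sample input, copied from the network-tools.com output in this post
# (the A record, the APNIC inetnum block and the registrar WHOIS contacts).
A_RECORD = ("freaktorrents.info", "182.50.148.1")

APNIC_RECORD = """\
inetnum: 182.50.128.0 - 182.50.159.255
netname: GODADDY-NET-SG
country: SG
status: ALLOCATED PORTABLE
"""

REGISTRAR_WHOIS = """\
Domain Name:FREAKTORRENTS.INFO
Created On:27-Mar-2009 06:13:21 UTC
Sponsoring Registrar:eNom, Inc. (R126-LRMS)
Registrant Name:Jake Ferrer
Registrant Email:anallima2000@yahoo.com
Admin Name:Ferrer
Admin Email:anallima2000@yahoo.com
Billing Email:anallima2000@yahoo.com
Tech Email:anallima2000@yahoo.com
Name Server:NS01.DOMAINCONTROL.COM
Name Server:NS02.DOMAINCONTROL.COM
Name Server:
"""


def parse_fields(text):
    """Split 'key: value' / 'key:value' lines into (key, value) pairs.
    Repeated keys are kept (Name Server occurs several times); the empty
    filler fields the registry pads the record with are dropped."""
    pairs = []
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if value:
            pairs.append((key, value))
    return pairs


def inetnum_to_networks(record):
    """Turn the APNIC 'inetnum: lo - hi' range into a list of CIDR networks."""
    for key, value in parse_fields(record):
        if key == "inetnum":
            lo, hi = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
            return list(ipaddress.summarize_address_range(lo, hi))
    raise ValueError("no inetnum line in record")


def allocation_for(ip, record):
    """Return the netname if ip lies inside the record's range, else None.
    This is the check behind 'hosted through GoDaddy Singapore'."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in inetnum_to_networks(record)):
        return dict(parse_fields(record))["netname"]
    return None


def contact_emails(whois_text):
    """Distinct e-mail addresses across all contact roles; one address for
    every role is itself worth noting when pivoting on the registrant."""
    return {v for k, v in parse_fields(whois_text) if k.endswith("Email")}


def name_servers(whois_text):
    """Name servers from the registrar record, lower-cased for comparison
    with the DNS NS answers."""
    return [v.lower() for k, v in parse_fields(whois_text) if k == "Name Server"]


def pivot_summary(domain, ip, apnic_record, whois_text):
    """Collect the hosting allocation, registrant contact(s) and DNS hosting
    into one record a defender can file with the case."""
    return {
        "domain": domain,
        "ip": ip,
        "allocation": allocation_for(ip, apnic_record),
        "contact_emails": sorted(contact_emails(whois_text)),
        "name_servers": name_servers(whois_text),
    }


if __name__ == "__main__":
    summary = pivot_summary(*A_RECORD, APNIC_RECORD, REGISTRAR_WHOIS)
    for key, value in summary.items():
        print(f"{key}: {value}")
```

The range check uses `ipaddress.summarize_address_range`, so an inetnum that does not fall on a single CIDR boundary is still handled correctly; here 182.50.128.0 - 182.50.159.255 collapses to 182.50.128.0/19.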