Transfer in, transfer out. Guess those other urls have also some interesting stuff?
Transfer is likely the reason for “how do we get from 93.114 to 108.162”?
Currently displaying 3 of 3 domain names registered on September 10, 2012 and hosted at at the nameserver ixam-hosting. com.
Download all ixam-hosting. com activity for September 10, 2012(.CSV)
Domain Name
easyresolver. com
forum-reviews. com
upload-sell. com
Currently displaying 3 of 3 domain names transferred into ixam-hosting. com on September 10, 2012.
Download all ixam-hosting. com activity for September 10, 2012(.CSV)
Domain Name Transferred From
ultimatehacks. net name-services. com
winiphone4s. net downtownhost. com
xxxbanger. com ukrnames. com
Currently displaying 2 of 2 domain names transferred away from ixam-hosting. com on September 10, 2012.
diamondhosting. net cloudflare. com
strangebooter. com main-hosting. com
strangebooter. com http://urlquery.net/report.php?id=171635
ET RBN Known Russian Business Network IP (204)
“Exchange Paypal, Exchange Bank Wire, Exchange Pecunix, Exchange Bitcoin, Exchange Liberty Reserve”
Rogue payment site?
What you point out is the normal migration procedure for these kind of domains. They always comply, when found out and then open up shop somewhere else.
These are also the migration patterns you see on Netpilot’s daily archives and abuse dot ch. As you analyze Urlquery dot net for previous scans on the same IP or for the AS or when you do a searchquery for the alerted IDS flags from Suricata/Emerging Threats and/or Snort in combination with urlquery you find up a lot of interesting interlinking sites. Also interestin is a project honeypot IP query, see here: http://www.projecthoneypot.org/ip_93.114.45.84
Then also pay attention to associated harvesters mentioned there and what is being spread…
Main line of business: banking trojans, malvertising, spam, etc…