Another look into’s troubled past

I previously reported on and the current and previous owners.  But what about the February 2016 botnet attacks? Who was the owner when the domain name was invoked in those attacks?

According to DomainTools, the owner of in February 2016 was Slawek Modrzejewski.  Slawek was the original owner of the domain name since it was first registered on 11/15/2015.

On 4/9/2016, the registration for was dropped by GoDaddy.  Five days later, the registration was picked up by SouthNames Inc. ( with an anonymous owner protected by United Privacy Corp, which is based in Belize.

In addition to the number of WHOIS record updates for, there has been an equally historic hosting history.  As of this writing, has been pointed to 14 different IP addresses, shown in the illustration below from DomainTools.

Epic hosting history!

During the botnet attacks, the hosting IP address was changed to which is managed by ColoCrossing.  After the attacks the server IP address was changed to – which is a bit odd as that IP is managed by Alascom, Inc. in Anchorage, Alaska.  Further information provided by DomainTools shows 78 domain names have A records going to

This leads to none of those domain names actually resolving anywhere, which may appear to be some sort of “spammer nullroute”.  The full list of the 78 domain names pointing to is available here. I notified AT&T/Alascom about these fake A records pointing to their infrastructure and will follow up if I hear back from their NOC/IPAM team.
