James Delahunty
17 Dec 2010 2:37
Trend Micro's TrendLabs blog has posted some information on a website that is redirected to from Wikileaks.org.
At present, the Wikileaks.org domain domain redirects to mirror.wikileaks.info, which is hosted on IP address 92.241.190.202. This IP address is registered to Heihachi Ltd, and this is where TrendLabs has put up a flag and felt the need to write about it.
While the site doesn't contain any malware, the TrendLabs blog regards the presence of the WikiLeaks mirror in this neighborhood as disturbing.
Heihachi Ltd. is known as a bulletproof, blackhat-hosting provider in Russia that is a safe haven for criminals and fraudsters. It hosts a long list of criminally related domains. Among these domains are banking fraud domains, carders’ (criminals who trade stolen credit card information) websites, malware sites, and phishing sites. No matter what your political view is, this is rather disturbing.
We don't know whether wikileaks.org has perhaps been compromised or whether WikiLeaks is knowingly getting services from a blackhat provider. Either way, we assess the wikileaks.info domain as highly risky and we do not recommend visiting this site as long as it is hosted by Heihachi Ltd.
Spamhaus' False Allegations Against wikileaks.info
Published 15-Dec-2010, 8:00 AM GMT
On Tuesday, 14-Dec-2010 Spamhaus has issued a statement wherein it labels wikileaks.info as "unsafe", as they consider our hosting company as a malware facilitator:
http://www.spamhaus.org/news.lasso?article=665
We find it very disturbing that Spamhaus labels a site as dangerous without even checking if there is any malware on it. We monitor the wikileaks.info site and we can guarantee that there is no malware on it. We do not know who else is hosted with Heihachi Ltd and it is none of our business. They provide reliable hosting to us. That's it.
While we are in favour of "Blacklists", be it for mail servers or web sites, they have to be compiled with care. Just listing whole IP blocks as "bad" may be quick and easy for the blacklist editors, but will harm hosters and web site users.
Wikileaks has been pulled from big hosters like Amazon. That's why we are using a "bulletproof" hoster that does not just kick a site when it gets a letter from government or a big company. Our hoster is giving home to many political sites like castor-schottern.org and should not be blocked just because they might have hosted some malware sites.
Fortunately, more responsible blacklists, like stopbadware.org (which protects the Firefox browser, for example), don't list us. We do hope that Spamhaus hasn't issued this statement due to political pressure.
Wikileaks.info will always be safe and clean. Promised:
Google Safe Browsing Check for wikileaks.info
Update (15-Dec-2010 17:00 PM GMT): Spamhaus has updated their statement to say that they don't blacklist us.
The wikileaks.info Team