I heard this through the grapevine and thought I would mention it here.
As some of you know, Netbilling was "hacked" a few months ago and the "hacker" only got access to email addresses and names.
Strange that the hacker didn't get any credit card numbers isn't it?
This "hacker" has been spamming email addresses used in transactions passed to Netbilling.
If you look at the sites the mailer is spamming, they are all .info and .biz domains hosted at 64.157.9.184
http://www.whois.sc/reverse-ip/64.157.9.184
Take a look at this IP and the domains hosted there.
There are 542 domains hosted on this IP. They are all .info and .biz domains.
Also, guess where this IP is located? Candidhosting.
http://www.whois.sc/reverse-ip/64.157.9.184
Candidhosting is hosting 542 .info and .biz domains that are constantly spammed and does nothing? Sounds strange?
It gets better.
Guess who controls the DNS for
www.netbilling.com? Yep.
Candidhosting
www.netbilling.com
NS2.CANDIDHOSTING.COM 64.159.90.10
NS1.CANDIDHOSTING.COM 64.159.90.4
http://www.whois.sc/netbilling.com
So, a "hacker" hacks in to the Netbilling database and only takes names and email addresses but no credit card numbers, sets up a server right at Candidhosting and starts spamming away, while Netbilling and Candidhosting do nothing.
Sound about right?