Skip to main content now hosted by Russian criminals

Spam tracking outfit Spamhaus has warned that that the original WikiLeaks address,, now redirects traffic to a site operated by what it calls 'Russian cybercriminals'.

It says Webalta's IP address space has been listed on the Spamhaus Block List (SBL) since October 2008 due to nefarious activites associated with the address

Spamhaus regards the Russian Webalta (also known as Wahome) host as being "blackhat" - a known cybercrime host from whose IP space Spamhaus only sees spamming, malware/virus hosting, phishing and other dodgy activities.

The outfit says it is concerned that any WikiLeaks archive posted on a site that is hosted in Webalta space might be infected with malware.

The main web site now redirects visitors to and thence directly into Webalta's controlled IP address space, which means, Spamhaus says, that "there is substantial risk that any malware infection would spread widely."

The outfit also thinks the mirror site is a bit dodgy and reckons the content of the site is not the same as other WikiLeaks mirrors. It suggests users head to the organisation's 'real' site at,, or one of many other mirror sites around the world.

Spamhaus says it "takes no political stand on the WikiLeaks affair". A spokesman said he hopes "WikiLeaks staff will quickly address the hosting issue to remove the possibility of cybercriminals using WikiLeaks traffic for illicit purposes."

On Sunday researcher Feike Hacquebord at Trend Micro issued a similar warning in the Trend Micro Malware Blog.