Directi

moreprobe.com spam bots

by certifiedbug on March 19, 2009

in Internet Security

Active: Stop Forum Spam

Whois Record for Moreprobe.com
IP Location: Estonia – Harjumaa – Tallinn – Starline Web Services
IP Address: 92.62.101.58
ICANN Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Created: 2009-02-19
Expires: 2010-02-19
Updated: 2009-02-19

Name Server: NS1.MOREPROBE.COM (has 1 domains)
Name Server: NS2.MOREPROBE.COM
Whois Server: whois.publicdomainregistry.com

Registrant: Renat Radov
4-i Proektirumyi proezd, vl. 8
Moskva
Moskovskaya oblast,220020
RU

Unhappy forum posters:

http://www.rotaryforum.com/forum/showthread.php?t=20301

FireEye Malware Intelligence Lab
2009.02.11
Bad Actors Part 1 – Starline Web Services

As the title suggests, the first up to bat is Starline Web Services. They are hosted by Compic in Estonia, who is legendary for allowing malicious content on their network.

Whois Record for Starlinewebservices.com
Whois Server: whois.verisign-grs.com
Domain Status: Deleted And Available Again

However, if one stays on the page a while, an active webpage comes up:

ds58.esthost.eu
Website Title: Starline Web Services :: Esileht
IP Address: 195.5.116.233
IP Location: Estonia – Harjumaa – Tallinn – Compic Ltd
Domain: esthost

Registrant:
NOT DISCLOSED!
Visit www.eurid.eu for webbased whois.
Registrar:
Name: Directi Internet Solutions Pvt. Ltd. d/b/a PublicDomainRegistry.com
Website: www.publicdomainregistry.com

Directi refresher:
http://certifiedbug.com/blog/tag/directi/


Redirect from gotscan.com to user4scan.com. <-- Do not go to either.

Received typical scareware warnings; the rogue was not detected by my antivirus program. The installer repeatedly failed, popping up the same windows and freezing the browser.

Domain Name: USER4SCAN.COM
IP Location: Germany – Berlin – Berlin – Netdirekt E.k
Registration Service Provided By: SELLOUT.NAME
Creation Date: 12-Mar-2009
Expiration Date: 12-Mar-2010
Domain servers in listed order:
ns2.dnsexit.com
ns1.dnsexit.com

Domain name: gotscan.com
IP Location: Germany – Berlin – Berlin – Netdirekt E.k
ICANN Registrar: BIZCN.COM, INC.

Edit to add:
SELLOUT.NAME
ICANN Registrar: Directi Internet Solutions Pvt. Ltd. d/b/a PublicDomainRegistry.com
Created: 2006-11-08
Expires: 2009-11-08
Updated: 2009-02-03


New Rogue XpyBurner

by certifiedbug on February 9, 2009

in Scareware Rogues

Scareware Spyburner becomes XpyBurner.

From EULA.

C. Some of our products may be unsuited to run with other software. We have the right to uninstall incompatible products. We will notify our customers before uninstalling such products. A customer cannot claim a refund if the reason is a requisition or removal of conflicting software.
Coexistence of some products may lead to many unsatisfactory effects as well as to slow the customer’s system. That is why the usage of XpyBurner requires the uninstallation of products which represent a risk to the system.

Uh huh…

ICANN Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Registration Service Provided By: ERDOMAIN.COM
Registrant: PrivacyProtect.org

DIRECTI doesn’t appear to be cleaning up its act.
Spyware Sucks: I just knew I’d find DIRECTI in there somewhere…


2009sites3.biz-AntiVirus 2009 Rogue Infector

by certifiedbug on January 13, 2009

in Scareware Rogues

Continually blog-spammed by 2009sites3.biz, I googled for hits.

Bestantivirusdefence.com
ICANN Registrar: BIZCN.COM, INC.
Created: 2009-01-03
Expires: 2010-01-03
Updated: 2009-01-10
Name Server: NS1.EUROPEGIGABYTE.COM
Name Server: NS2.EUROPEGIGABYTE.COM
Name Server: NS3.EUROPEGIGABYTE.COM
IP Address: 75.126.175.232
Domain Status: Registered And No Website


Clicking ‘Cancel’ or trying to close by hitting the X won’t stop it.


Of course, that Microsoft Security Warning has nothing to do with Microsoft; it is the rogue speaking.


Domain Name: 2009SITES3.BIZ
IP Address: 70.86.194.49
Sponsoring Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Created: 2009-01-12
Expires: 2010-01-11
Updated: 2009-01-12

Archives: http://certifiedbug.com/blog/?s=Directi

Of interest, 01-12-09.
Sandi’s blog “Spyware Sucks”. Directi Internet Solutions strikes again

I ask you – just how obvious does the impersonation of a legitimate company have to be before Directi notices and stops a site from going live *before* it can do harm???


EstDomains Active Domain List and Registrar Abuse Search Form

December 15, 2008

The EstDomains Active Domain List maintained by Directi is available in a searchable form on HostExploit.com. The total of 272,488 active domains is provided as a community service; any research or abuse comments on these domains are welcomed at abuse(at)directi.com or estlist(at)hostexploit.com. Any suspected illegal or child pornography content should be reported directly to IWF [...]


281,000 Domains to be Transferred from EstDomains to Directi

December 1, 2008

http://directi.com/estbulktransfer/ As a result of the EstDomains de-accreditation by ICANN, Directi will be taking over EstDomains’ Registrar operations. ResellerClub, Directi’s Reseller arm, will be managing EstDomains’ Domains and Digital Certificates henceforth. ResellerClub and EstDomains Inc use LogicBoxes’s Registrar Automation platform, OrderBox, which will make the entire migration process a smooth one. Certifiedbug: http://certifiedbug.com/blog/tag/botnet/


Directi

September 8, 2008

Update on Directi’s “Our official response to certain reports which implicating the Directi Group.” Cache Update: Directi, Knujon and HostExploit have had a joint conversation addressing the issues raised in all previous posts concerning the matter. A joint statement with an accurate representation of facts, clearing any previous misconceptions and reaffirming their common goal [...]
