decitu.com is one of estdomain’s October registrations, checking it out my browser was redirected to porno-tube-online.com/porn/. Obviously an adult content site.
Snippet from my log,
/banners/flash/24368/json_400x600_005.swf 11,524 application/x-shockwave-flash
By the way, if your Adobe flash is up to date and you think you are protected from SWF exploits see Sandi’s article at Spyware Sucks.
Adobe Flash 10 does NOT stop malvertizement hijacking
A lot of malware victims end up in help forums because they were redirected to a bad site, or intentionally downloaded video codecs so they could watch such content.
The dialog informs that a codec is needed to view the video, this is where you should stop already before infecting your computer.
The anti virus program alerted.
Hiding in the background waiting for an unsuspecting user to download the codec was a rogue, the link on its own produced an error.
Domain Name: DECITU.COM
ICANN Registrar: ESTDOMAINS, INC.
3 other sites hosted on this server.
Certifiedbug October 24, 2008. EstDomains, Inc. PR
From EstDomains’s Press release,
Once again EstDomains, Inc would like to address the interactive community and ask for co-operation to make the Internet clear and safe. Please report infringements that involve the activity of EstDomains, Inc customers to: https://support.estdomains.com.
The support link they provided produced,
“The requested site did not respond to a connection request and the browser has stopped waiting for a reply.”
I went directly to their website and clicked the red ‘Report Abuse’ button, same thing.
The rest of the site loads normally, it is the ‘support’ page that was kapoot at time of writing.