MaKaVeLi SWW Graduate

Joined: 04 Aug 2005 Last Visit: 07 Sep 2007 Posts: 158 Location: USA

suzi Site Admin

Joined: 27 Jul 2003 Last Visit: 08 Feb 2010 Posts: 10682 Location: sunny California
Posted: Tue Jan 17, 2006 7:32 pm

MaKaVeLi, which list do you mean? They are not in IE-SPYAD, but Eric hasn't been putting fake security center domains on the rogue list, if that's what you meant.
Thanks for posting them. We will certainly check them. Are those 2 showing up in HJT logs? How did you find them, if I can ask? I'm wondering if they are used for hijacking...
Edit - I see the app now Pesttrap and it isn't on the page, but I suspect it will be soon.
I'll check out the domain whois info too.
Edit- I see the domain uptodatesecurity.com is already showing up in logs on Google.
_________________
Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.
Last edited by suzi on Tue Jan 17, 2006 8:38 pm; edited 1 time in total

suzi Site Admin

Joined: 27 Jul 2003 Last Visit: 08 Feb 2010 Posts: 10682 Location: sunny California
Posted: Tue Jan 17, 2006 7:52 pm

From known rogue ISP Intercage:
http://www.whois.sc/pesttrap.com
Quote:
Domain Name: PESTTRAP.COM
Registrant:
Popandopulos Ltd
Alison Popandopulos ()
2 Pyramid, Room 34
Chalkidiki
Chalkidiki,126322
GR
Tel. +001.41512345678
Creation Date: 19-Sep-2005
Expiration Date: 19-Sep-2007
Domain servers in listed order:
ns1.pesttrap.com
ns2.pesttrap.com
http://www.whois.sc/69.50.167.173
Quote:
OrgName: InterCage, Inc.
OrgID: INTER-359
Address: 1955 Monument Blvd.
Address: #236
City: Concord
StateProv: CA
PostalCode: 94520
Country: US
ReferralServer: rwhois://rwhois.intercage.com:4321/
NetRange: 69.50.160.0 - 69.50.191.255
CIDR: 69.50.160.0/19
NetName: INTERCAGE-NETWORK-GROUP
NetHandle: NET-69-50-160-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation
NameServer: MAIL.ATRIVO.COM
NameServer: PAVEL.ATRIVO.COM
Comment:
RegDate: 2003-06-04
Updated: 2005-09-01
Blacklisted already:
http://www.whois.sc/rbl/?ip=69.50.167.173
http://spews.org/html/S2489.html
http://www.whois.sc/uptodatesecurity.com
UPTODATESECURITY.COM
Quote:
Website Title: Security Center
Response Code: 200
SSL Cert: No valid SSL on this Host, Get Secure
Alexa Trend/Rank: Not Ranked
Website Status: Active
Reverse IP: Web server hosts 5 websites (reverse ip tool requires free login)
Server Type: Apache
(Spry.com also uses Apache)
IP Address: 85.255.115.174 (ARIN & RIPE IP search)
IP Location: - Inhoster Hosting Company
Blacklist Status: Listed - Cached Today (details)
Whois History: 5 records stored
Oldest: 2006-01-06
Newest: 2006-01-14
It says the whois server is down. From the history:
Quote:
Domain: uptodatesecurity.com
Cache Date: 2006-01-14
Registrar: CRITICAL INTERNET, INC.
--------------------------------------------------------------------------------
Registration Service Provided By: ESTDOMAINS
Contact: +372.55647646
Website: http://www.estdomains.com
Domain Name: UPTODATESECURITY.COM
Registrant:
na
Fom Terrens ()
PO Box 378
Senta
,47297
SE
Tel. +44.373849294572
Creation Date: 27-Dec-2005
Expiration Date: 27-Dec-2006
Domain servers in listed order:
ns1.uptodatesecurity.com
ns2.uptodatesecurity.com
http://www.whois.sc/85.255.115.174
Inhoster Hosting Company aka Esthost I think.
5 domains found on 85.255.115.174
Showing all 5.
Website
Dns404.net
Necessaryupdates.com
Securitywarnings.net
Systemupdates.net
Uptodatesecurity.com
http://www.whois.sc/dns404.net
http://www.whois.sc/necessaryupdates.com not in IE-SPYAD
http://www.whois.sc/securitywarnings.net not in IE-SPYAD
http://www.whois.sc/systemupdates.net not in IE-SPYAD
systemupdate.net is in IE-SPYAD, but not systemupdates.net
These domains were just registered within the last week or so.
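An added example, not part of suzi's post and not IE-SPYAD's own tooling: one way to automate the coverage check done by hand above, flagging co-hosted domains that are missing from a blocklist or that differ from a listed entry by a single character (systemupdate.net vs. systemupdates.net), plus a check of an IP against the quoted ARIN range. The blocklist set is a constructed stand-in and all function and variable names are hypothetical.

```python
import ipaddress

# Constructed stand-in for a blocklist. Only systemupdate.net is stated in
# the thread as being listed; this is not the real list or its format.
BLOCKLIST = {"systemupdate.net"}

# Domains the thread reports on 85.255.115.174 (reverse-IP result).
CO_HOSTED = ["dns404.net", "necessaryupdates.com", "securitywarnings.net",
             "systemupdates.net", "uptodatesecurity.com"]

# Network taken from the ARIN record quoted in the thread.
FLAGGED_NETS = [ipaddress.ip_network("69.50.160.0/19")]


def within_one_edit(a, b):
    """True if a and b differ by at most one insert, delete or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):           # same length: allow one substitution
        return a[i + 1:] == b[i + 1:]
    return a[i:] == b[i + 1:]      # b is longer: allow one extra character


def coverage_report(domains, blocklist):
    """Map each domain to (status, matching blocklist entry or None)."""
    report = {}
    for d in (x.lower().rstrip(".") for x in domains):
        if d in blocklist:
            report[d] = ("listed", d)
            continue
        near = sorted(b for b in blocklist if within_one_edit(d, b))
        report[d] = ("near-miss", near[0]) if near else ("unlisted", None)
    return report


def in_flagged_net(ip):
    """True if ip falls inside any network in FLAGGED_NETS."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in FLAGGED_NETS)


if __name__ == "__main__":
    for dom, (status, match) in coverage_report(CO_HOSTED, BLOCKLIST).items():
        print(f"{dom:24} {status:10} {match or ''}")
    print("69.50.167.173 in flagged range:", in_flagged_net("69.50.167.173"))
```
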
eburger68 SWW Distinguished Expert
Joined: 23 Jun 2004 Last Visit: 18 Nov 2008 Posts: 589 Location: Clearwater, FL
Posted: Tue Jan 17, 2006 11:56 pm

Hi All:
It's another SpySheriff clone.
(sigh)
Eric L. Howes

MaKaVeLi SWW Graduate

Joined: 04 Aug 2005 Last Visit: 07 Sep 2007 Posts: 158 Location: USA
Posted: Wed Jan 18, 2006 12:15 pm

suzi wrote:
Edit - I see the app now Pesttrap and it isn't on the page, but I suspect it will be soon.

Yeah I meant the app.

suzi Site Admin

Joined: 27 Jul 2003 Last Visit: 08 Feb 2010 Posts: 10682 Location: sunny California
Posted: Wed Jan 18, 2006 10:26 pm

Thanks again for posting that. It's already being detected by some AV's. See SunbeltBLOG for more info.
http://sunbeltblog.blogspot.com/