Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

A quick update about some bad Directi registered domains

October 15th 2008 in Uncategorized

The bad guys were mentioned here:
http://msmvps.com/blogs/spywaresucks/archive/2008/10/14/1650776.aspx

quicktds.name – 216.240.134.211 – California – Irvine – Go2online Corp
ICANN Registrar – Directi Internet Solutions
Created 16 September 2008
NS: NS1.STARTED.RU (now NS1.SUSPENDED-DOMAIN.COM)
NS: NS2.STARTED.RU (now NS2.SUSPENDED-DOMAIN.COM)
Registrant: Previously hidden behind privacyprotect.org
WHOIS now reveals:

Registrant:

    Vladislav A. Ternov (vladislavternov@googlemail.com) – email address associated with 4 domains.
    Dimeevskaya 20 kv.134
    Odessa
    Odess’ka,65000
    UA
    Tel. +380.935187553

216.240.134.211 – Resolve Host trap17.com – NO CHANGE
Domains in IP range – 239 domains.

pcvirusbuster.com – 64.86.17.44 – Ontario – Brampton – Velcom
ICANN Registrar – Directi Internet Solutions
Created: 7 October 2008
NS: SKY.EARTH.ORDERBOX-DNS.COM (Now NS1.SUSPENDED-DOMAIN.COM)
NS: SKY.MARS.ORDERBOX-DNS.COM (Now NS2.SUSPENDED-DOMAIN.COM)
NS: SKY.MERCURY.ORDERBOX-DNS.COM (DELETED)
NS: SKY.VENUS.ORDERBOX-DNS.COM (DELETED)
Registrant: Previously hidden behind privacyprotect.org
WHOIS now reveals:

Registrant:
    Aaron Williams (aaronwilliamssir@googlemail.com) – email address associated with 4 domains
    1800 Century Place NE, Suite 555
    Atlanta
    Georgia,30345
    US
    Tel. +001.4046791621

trap17.com – 208.87.242.120 – California – Walnut – Psychz Networks
ICANN Registrar – Directi Internet Solutions
Created 9 May 2004
NS: OM1.COMPUTINGHOST.COM
NS: OM2.COMPUTINGHOST.COM
NS: OM3.COMPUTINGHOST.COM
NS: OM4.COMPUTINGHOST.COM
Registrant: Hidden behind privacyprotect.org


One comment to...
“A quick update about some bad Directi registered domains”

Is Vladislav A. Ternov (vladislavternov@googlemail.com – email address) Russian?

