Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Malvertizement featuring Skype – again

October 15th 2008 in Uncategorized

Malicious URLs:

s-tatetstr.com/crossdomain.xml
s-tatetstr.com/c/index.php?id=<<snipped>>

s-tatetstr.com – 92.62.100.27 – – Estonia – Starline Web Services
ICANN Registrar – TLDS, LLC DBA SRSPLUS
Created: 25 September 2008
NS: NS1.S-TATETSTR.COM
NS: NS2.S-TATETSTR.COM
Registrant:
        Sagent Group (adminsagent@gmail.com) associated with about 86 other domains
        Sagent Group Ltd.
        Guzel street, 45 
        Belize City, NONE  NONE
        BZ
        698-456-324

IP currently listed in Spamhaus:
http://www.spamhaus.org/SBL/sbl.lasso?query=SBL66912

Sharing IP range (lots of old, familiar names here…)


 


Malicious URLs:

stathisranch.com/crossdomain.xml
stathisranch.com/c/index.php?<<snipped>>


One comment to...
“Malvertizement featuring Skype – again”

Matthew

thank u r information

it very useful

u r blog is very nice


The bad guys were mentioned here: http://msmvps.com/blogs/spywaresucks/archive/2008/10/14/1650776.aspx

quicktds.name – 216.240.134.211 – California – Irvine – Go2online Corp
ICANN Registrar – Directi Internet Solutions
Created 16 September 2008
NS: NS1.STARTED.RU (now NS1.SUSPENDED-DOMAIN.COM)
NS: NS2.STARTED.RU (now NS2.SUSPENDED-DOMAIN.COM)
Registrant: Previously hidden behind privacyprotect.org
WHOIS now reveals:
Registrant:
        Vladislav A. Ternov (vladislavternov@googlemail.com) – email address associated with 4 domains.
        Dimeevskaya 20 kv.134
        Odessa
        […]
