priority estdomains domain suspension requests


  • This topic is locked
101 replies to this topic

#1 nosirrah

    Forum Deity

  • Administrators
  • 5,452 posts
  • Gender:Male
  • Location:Northampton, MA USA

Posted 06 September 2008 - 08:46 AM

EstMate has joined malwarebytes.org and it appears that he has the ability to either directly or indirectly have rogue domains registered with Estdomains taken down.

Place all requests for rogue domain takedowns here and he should have them taken care of promptly.
Bruce Harrison
Vice President of Research


#2 nosirrah


Posted 06 September 2008 - 08:49 AM

These two are current major problems and will cause serious problems for the Zlob gang if they were to be taken down.

http://www.antispychecker.com/ <- directly installed by Zlob trojan
http://scan.secure-online-antivirus.com/ <- fake scan site that Zlob redirects infected users to

#3 tashi

    New Member

  • Experts
  • 34 posts
  • Gender:Not Telling

Posted 06 September 2008 - 12:03 PM

MS AntiVirus Rogue.

Trail:
nine4teen.com
Host: ferlin.ifrance.com
Host: js-perso.ifrance.com
Host: web.ifrance.com
Host: ad.ieurop.net
Host: sfttraff.com
www.Nineteen.com
Host: scanner.msscanneronline.com

Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217
Website: http://www.estdomains.com

Domain Name: SFTTRAFF.COM

Registrant:
Sawert Alliance ltd.
Peltonen Martti **********@gmail.com)
Jeledoroznaya str. 14
Volovoso
Leningradskaya oblast,188410
RU
Tel. +7.9218901266

Creation Date: 01-Sep-2008
Expiration Date: 01-Sep-2009

Domain servers in listed order:
ns2.sfttraff.com
ns1.sfttraff.com

-----------------------------------------------------------------
-----------------------------------------------------------------
Registration Service Provided By: VIVIDS MEDIA GMBH
Contact: +49.3094413291

Domain Name: MSSCANNERONLINE.COM

Registrant:
Sawert Alliance ltd.
Peltonen Martti **********@gmail.com)
Jeledoroznaya str. 14
Volovoso
Leningradskaya oblast,188410
RU
Tel. +7.9218901266

Creation Date: 01-Sep-2008
Expiration Date: 01-Sep-2009

Microsoft MVP. Consumer Security 2006-2013


#4 Tigger93

    Forum Deity

  • Moderators
  • 1,668 posts
  • Gender:Male

Posted 06 September 2008 - 01:46 PM

ANTIVIRUS2008PROXP.COM <- Rogue

#5 1972vet

    Elite Member

  • Moderators
  • 1,321 posts
  • Gender:Male
  • Interests:Computer security/malware
    World history
    Law enforcement

Posted 06 September 2008 - 07:27 PM

This one is still active:

antivirus777.com = [ 67.228.120.3 ]

(Asked whois.estdomains.com:43 about antivirus777.com)

Registration Service Provided By: ESTDOMAINS INC
Contact: 1.3027224217
Website: http://www.estdomains.com
Domain Name: ANTIVIRUS777.COM
Registrant:
Technocoil
Valeriy Liahov anatolij.ljahov@gmail.com

st. Dimitrova 7/43
Dimitrovgrad
Uljanovskaya oblast 33401
RU
Tel. 790.96581533
Creation Date: 20-Aug-2008
Expiration Date: 20-Aug-2009
Domain servers in listed order:
ns18.zoneedit.com
ns16.zoneedit.com
Administrative Contact:
Technocoil
Valeriy Liahov anatolij.ljahov@gmail.com

st. Dimitrova 7/43
Dimitrovgrad
Uljanovskaya oblast 33401
RU
Tel. 790.96581533
Technical Contact:
Technocoil
Valeriy Liahov anatolij.ljahov@gmail.com

st. Dimitrova 7/43
Dimitrovgrad
Uljanovskaya oblast 33401
RU
Tel. 790.96581533
Billing Contact:
Technocoil
Valeriy Liahov anatolij.ljahov@gmail.com

st. Dimitrova 7/43
Dimitrovgrad
Uljanovskaya oblast 33401
RU
Tel. 790.96581533
Status: ACTIVE

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E., A.S.A.P.
Maintenance for Windows XP, Windows Vista, Windows Seven


#6 Suzi

    New Member

  • Experts
  • 19 posts

Posted 08 September 2008 - 12:45 AM

All the domains listed in this thread:

http://www.malwareby...?showtopic=6136

Suzi

Microsoft MVP Windows Security 2005 - 2009

#7 estMate

    New Member

  • Members
  • 15 posts

Posted 08 September 2008 - 06:00 AM

We've suspended all the domains listed in this topic. But please don't make posting these domains on this forum a habit. We have a 24/7 online tech support which can be contacted at https://support.estdomains.com or you can contact me via e-mail: webcontact_at_estdomains.com

Best regards,
EstDomains Team

#8 nosirrah


Posted 08 September 2008 - 06:42 AM

We will be doing both as it allows people to see that work is (or is not) being done.

Making this public is the point.

EDIT TO ADD:

Case in point here:

http://www.antispychecker.com/ <- this is a true problem, not just a puff ball rogue site, and as I expected still fully functional.

If you want to change people's minds you need to hurt some black hats (their $), so do you have what it takes?

#9 estMate


Posted 08 September 2008 - 07:16 AM

The fact is that posting in the forum isn't as reasonable because it only takes more time to find and suspend any domains so it'd be much better if everyone just used the ticket system. We can't always monitor forums for such posts. antispychecker.com has already been suspended with us.

#10 1972vet


Posted 08 September 2008 - 07:29 AM

@estMate,
Now that you've posted in this thread, you'll not need to monitor this forum...you'll receive email notifications that something new has been posted here. Does that help?...or should we just abandon this idea?



#11 nosirrah


Posted 08 September 2008 - 07:33 AM

I agree, and as I said in my PM to you, this can be your main stop for domains that need to be removed.

I have spread this link around and people will be dumping many problem domains here.

#12 estMate


Posted 08 September 2008 - 07:43 AM

I still prefer tickets, as in this case our 24/7 support deals with them, but in case of a notification the only person who gets an email is me, but anyway, guys, if you want it so much I can't resist =)

#13 nosirrah


Posted 08 September 2008 - 08:09 AM

If you pull the Zlob dll up in memory you can see that its downloader has moved to:

http://ihatemondayand.com/get.php?partner= <- estdomains

which in turn points to:

http://download8.antispycheck.com/downloads/1/asc_2_setup.exe (and many other sub domains of antispycheck.com)

I would like to see a real attack on Zlob today, I can feed you domains all day long.

Ihatemondayand.com and antispycheck.com need to be removed.

I will be back with current Zlob start points in a few minutes.

#14 estMate


Posted 08 September 2008 - 08:46 AM

Ihatemondayand.com and antispycheck.com - both suspended

#15 nosirrah


Posted 08 September 2008 - 09:18 AM

Ihatemondayand.com and antispycheck.com - both suspended



You are going to have to do better than that, I want an ETA and/or proof that the following downloads will stop working:

http://ihatemondayand.com/get.php?partner=
http://download8.antispycheck.com/downloads/1/asc_2_setup.exe

Please feel free to confirm for yourself that these are live still. BTW this is why we are doing this here in public, no one can see a ticket, everyone can try a download and see for themselves.

#16 GT500

    Mostly Cantankerous

  • Trusted Advisors
  • 6,250 posts
  • Gender:Male
  • Location:Fortville, IN

Posted 08 September 2008 - 08:02 PM

http://ihatemondayand.com/get.php?partner=
http://download8.antispycheck.com/downloads/1/asc_2_setup.exe


I can no longer access either domain.

For we wrestle not against flesh and blood, but against principalities, against powers, and against the worldly governors, the princes of the darkness of this world...


#17 nosirrah


Posted 08 September 2008 - 08:05 PM

Perfect time for a test, Zlob hunting time.

I wonder if it's moved or actually killed, place your bets.

#18 nosirrah


Posted 08 September 2008 - 08:08 PM

http://www.intervidd.com/download.php?id=1091


oooooooo, new domain, strike 1

#19 nosirrah


Posted 08 September 2008 - 10:21 PM

While we wait for the next new Zlob system32 dll to show up, here is the current Zlob zones domains export.


#20 hedgehog

    New Member

  • Members
  • 21 posts
  • Gender:Male
  • Location:Norway

Posted 09 September 2008 - 04:11 AM

another one:
totsec2009.com



