Virustotal a few moments ago: Result: 1/41 (2.44%). Comodo is the one recognizing it.
A dig for antivirus-fast-scan04. com shows right now:
antivirus-fast-scan04.com. 1900 IN A 94.102.51.26
antivirus-fast-scan04.com. 1900 IN A 78.46.251.43
antivirus-fast-scan04.com. 1900 IN A 88.198.107.25
antivirus-fast-scan04.com. 1900 IN A 88.198.120.177
antivirus-fast-scan04.com. 1900 IN A 91.212.107.5
antivirus-fast-scan04.com. 1900 IN A 91.212.127.200
From the top:
94.102.51.26: Ecatel
78.46.251.43: Hetzner in Germany, "Siarhei Shandrokha" / senpai-it.com
88.198.107.25: Hetzner again
88.198.120.177: Oh, that's Hetzner too
91.212.107.5: Something called Riccom-NET / Riccom LTD / riccom-cy.org in Cyprus
91.212.127.200: Telos-Solutions-NET / Telos Solutions LTD / telosnet.nl
Ecatel and Hetzner come up often when we talk about hosting of various bad stuff.
Child abuse, malware, trojans, etc. You name it.
Two black hosts. As black as it is possible to be.
I wonder when they will really get shut down.
Ecatel has escaped one earlier. Time to take it down now?
If you would like to have a look at fake anti-virus programs (in a secure way; if you don't know how, just leave it):
antivirus-fast-scan04. com/download/Antivirus_21. exe
(empty space in front of com and exe there)
Whois info for antivirus-fast-scan04. com (probably not worth anything, but you never know)
Domain Name: ANTIVIRUS-FAST-SCAN04.COM
Registrar: TODAYNIC.COM, INC.
Whois Server: whois.todaynic.com
Referral URL: http://www.NOW.CN
Name Server: NS1.EVERYDNS.NET
Name Server: NS2.EVERYDNS.NET
Name Server: NS3.EVERYDNS.NET
Name Server: NS4.EVERYDNS.NET
Status: clientTransferProhibited
Updated Date: 05-sep-2009
Creation Date: 04-sep-2009
Expiration Date: 04-sep-2010
>>> Last update of whois database: Sun, 06 Sep 2009 17:57:44 UTC <<<
Registrant:
Name: Steve J Arby
Address: 534 Summer Street NE, Ste 231
City: Portland
Province/state: Oregon
Country: US
Postal Code: 97301
Administrative Contact:
Name: Steve J Arby
Organization: n/a
Address: 534 Summer Street NE, Ste 231
City: Portland
Province/state: Oregon
Country: US
Postal Code: 97301
Phone: +1.5039860081
Fax: +1.5039860081
Email: oregon.artscomm@state.or.us
Technical Contact:
Name: Steve J Arby
Organization: n/a
Address: 534 Summer Street NE, Ste 231
City: Portland
Province/state: Oregon
Country: US
Postal Code: 97301
Nameserver Information:
ns1.everydns.net
ns2.everydns.net
ns3.everydns.net
ns4.everydns.net
Create: 2009-09-04 23:01:50
Update: 2009-09-06
Expired: 2010-09-04
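An added triage example, not part of the original post: it parses the dig answer and the whois dates quoted above, groups the A records by the hosting attribution the post gives, and computes the domain's age at the time of the whois snapshot. The sample input is reconstructed from the post's own values, and the function names are illustrative.

```python
import re
from datetime import datetime
from ipaddress import ip_address

# Hosting attribution exactly as the post lists it ("From the top:").
HOSTS = {
    "94.102.51.26": "Ecatel", "78.46.251.43": "Hetzner",
    "88.198.107.25": "Hetzner", "88.198.120.177": "Hetzner",
    "91.212.107.5": "Riccom", "91.212.127.200": "Telos Solutions",
}
# Constructed input: the dig answer from the post, run together on one line.
DIG_ANSWER = " ".join(f"antivirus-fast-scan04.com. 1900 IN A {ip}" for ip in HOSTS)
# Constructed input: the two date lines from the whois record in the post.
WHOIS_TEXT = """Creation Date: 04-sep-2009
>>> Last update of whois database: Sun, 06 Sep 2009 17:57:44 UTC <<<
"""

A_RECORD = re.compile(r"(\S+\.)\s+(\d+)\s+IN\s+A\s+(\d{1,3}(?:\.\d{1,3}){3})")

def parse_a_records(text):
    """Return (name, ttl, ip) tuples from one-per-line or run-together dig output."""
    records = []
    for name, ttl, ip in A_RECORD.findall(text):
        ip_address(ip)  # raises ValueError on a malformed address such as 999.1.1.1
        records.append((name.rstrip(".").lower(), int(ttl), ip))
    return records

def domain_age_days(whois_text):
    """Days between the registry creation date and the whois snapshot, or None."""
    created = re.search(r"Creation Date:\s*(\d{2}-[A-Za-z]{3}-\d{4})", whois_text)
    seen = re.search(r"Last update of whois database:\s*\w{3},\s*(\d{2} \w{3} \d{4})",
                     whois_text)
    if not created or not seen:
        return None
    start = datetime.strptime(created.group(1).title(), "%d-%b-%Y")
    end = datetime.strptime(seen.group(1), "%d %b %Y")
    return (end - start).days

def summarize(dig_text, whois_text):
    """Collect the facts an analyst would note: record count, TTLs, hosts, age."""
    records = parse_a_records(dig_text)
    by_host = {}
    for _, _, ip in records:
        by_host.setdefault(HOSTS.get(ip, "unknown"), []).append(ip)
    return {"a_records": len(records), "ttls": sorted({r[1] for r in records}),
            "by_host": by_host, "age_days": domain_age_days(whois_text)}

if __name__ == "__main__":
    print(summarize(DIG_ANSWER, WHOIS_TEXT))
```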
Update
Also watch out for antivirus-fast-scan05.com.
Virustotal: Result: 3/41 (7.32%). Comodo, Kaspersky, McAfee+Artemis are the ones recognizing it.
Other domains involved:
mashroomtheory.cn on 94.102.48.29 (Ecatel)
Domains on 94.102.63.16 (Still Ecatel):
And I am starting to wonder a bit about ruler-domains.com and "Sergey Ryabov".
I am a bit late, others are already.