Esthost/Estdomains/Cernal gang.

DNS hijacking - repointing many domains.

DNS hijacking - repointing: refer.ccbill.com, google.com

Trojan-infected end-user computers are surreptitiously configured to query these DNS servers. Sometimes these servers return normal DNS results, equivalent to DNS responses from bona fide authentic servers.
But sometimes these servers return DNS RRs controlled by the criminals who operate them, who thereby control where the requested domain resolves. The infected end-user may then think they are visiting a legitimate site but is actually exchanging information (including personal credentials) with a machine controlled by the spammer. This is sometimes called 'pharming'. Traffic analysis of these servers will show a high-volume stream of DNS traffic between the server and Trojan-infected bots in end-user IP space.
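The traffic pattern described above can be checked from the defender's side. The following is an added example, not part of the ROKSO record: it scans a DNS query log for clients talking to resolvers outside an approved set and for answers that differ from a trusted baseline. The log format, the addresses (documentation ranges) and all names are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample data; none of these values come from the record above.
APPROVED_RESOLVERS = {"192.0.2.53"}          # resolvers the network hands out
TRUSTED_ANSWERS = {                          # baseline from a trusted resolver
    "www.example.com": {"198.51.100.10"},
    "bank.example": {"198.51.100.20"},
}
# Assumed log format, one query per line: "client resolver qname answer"
SAMPLE_LOG = """\
10.0.0.5 192.0.2.53 www.example.com 198.51.100.10
10.0.0.7 203.0.113.66 www.example.com 198.51.100.10
10.0.0.7 203.0.113.66 bank.example 203.0.113.99
10.0.0.9 203.0.113.66 bank.example 198.51.100.20
malformed line
"""

def parse(log):
    """Yield (client, resolver, qname, answer); skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield tuple(parts)

def analyse(log, approved=APPROVED_RESOLVERS, trusted=TRUSTED_ANSWERS):
    volume = Counter()           # queries per unapproved resolver
    clients = defaultdict(set)   # which hosts are configured to use it
    forged = []                  # answers that differ from the baseline
    for client, resolver, qname, answer in parse(log):
        if resolver in approved:
            continue
        # A rogue server often answers correctly, so the use of an
        # unapproved resolver is itself the signal for a changed setting.
        volume[resolver] += 1
        clients[resolver].add(client)
        expected = trusted.get(qname.lower().rstrip("."))
        # Only names with a known baseline are compared; CDN-hosted names
        # legitimately vary and would need a wider baseline.
        if expected is not None and answer not in expected:
            forged.append((client, resolver, qname, answer))
    return {
        "volume": dict(volume),
        "clients": {r: sorted(c) for r, c in clients.items()},
        "forged": forged,
    }

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

Host 10.0.0.9 is reported even though every answer it received matched the baseline, which is the case the text describes: the server behaves normally most of the time, so the resolver address is a more reliable indicator than any single response.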
The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.