Blog for hpHosts, and whatever else I feel like writing about ....

Friday 3 October 2008

Directi and HostFresh still supporting criminals!


It would seem Directi wasn't really being serious when they said they were clamping down on what their customers were doing, because our friend cr4nk now has a new domain (as of September 23rd): cr4nk.us.

WhoIs Information:

Domain Name: CR4NK.US
Domain ID: D17780827-US
Sponsoring Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. DBA PUBLICDOMAINREGISTRY.COM
Registrar URL (registration services): www.publicdomainregistry.com
Domain Status: clientDeleteProhibited
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Registrant ID: DI_2419181
Registrant Name: ITWEB Domain Protection
Registrant Organization: ITWEB Domain Protection
Registrant Address1: Edif. Neptuno, Local #7
Registrant Address2: Via Ricardo J Alfaro, Tumba Muerto
Registrant City: Panama Ciudad
Registrant State/Province: Panama
Registrant Postal Code: -
Registrant Country: Panama
Registrant Country Code: PA
Registrant Phone Number: +005.72021515
Registrant Email: itweb@hushmail.com
Registrant Application Purpose: P1
Registrant Nexus Category: C11
Administrative Contact ID: DI_2419181
Administrative Contact Name: ITWEB Domain Protection
Administrative Contact Organization: ITWEB Domain Protection
Administrative Contact Address1: Edif. Neptuno, Local #7
Administrative Contact Address2: Via Ricardo J Alfaro, Tumba Muerto
Administrative Contact City: Panama Ciudad
Administrative Contact State/Province: Panama
Administrative Contact Postal Code: -
Administrative Contact Country: Panama
Administrative Contact Country Code: PA
Administrative Contact Phone Number: +005.72021515
Administrative Contact Email: itweb@hushmail.com
Administrative Application Purpose: P1
Administrative Nexus Category: C11
Billing Contact ID: DI_2419181
Billing Contact Name: ITWEB Domain Protection
Billing Contact Organization: ITWEB Domain Protection
Billing Contact Address1: Edif. Neptuno, Local #7
Billing Contact Address2: Via Ricardo J Alfaro, Tumba Muerto
Billing Contact City: Panama Ciudad
Billing Contact State/Province: Panama
Billing Contact Postal Code: -
Billing Contact Country: Panama
Billing Contact Country Code: PA
Billing Contact Phone Number: +005.72021515
Billing Contact Email: itweb@hushmail.com
Billing Application Purpose: P1
Billing Nexus Category: C11
Technical Contact ID: DI_2419181
Technical Contact Name: ITWEB Domain Protection
Technical Contact Organization: ITWEB Domain Protection
Technical Contact Address1: Edif. Neptuno, Local #7
Technical Contact Address2: Via Ricardo J Alfaro, Tumba Muerto
Technical Contact City: Panama Ciudad
Technical Contact State/Province: Panama
Technical Contact Postal Code: -
Technical Contact Country: Panama
Technical Contact Country Code: PA
Technical Contact Phone Number: +005.72021515
Technical Contact Email: itweb@hushmail.com
Technical Application Purpose: P1
Technical Nexus Category: C11
Name Server: NS1.IPNAMES.NET
Name Server: NS2.IPNAMES.NET
Created by Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. DBA PUBLICDOMAINREGISTRY.COM
Last Updated by Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. DBA PUBLICDOMAINREGISTRY.COM
Domain Registration Date: Tue Sep 23 01:37:49 GMT 2008
Domain Expiration Date: Tue Sep 22 23:59:59 GMT 2009
Domain Last Updated Date: Tue Sep 23 01:54:02 GMT 2008

>>>> Whois database was last updated on: Fri Oct 03 20:57:20 GMT 2008 <<<<


Even worse here is Directi using ITWeb Domain Protection, a "company" known ONLY for its association with scammy/malicious domains. I've not come across a single legit domain that's associated with them, and as noted above, they don't seem to have their own website, opting instead to provide a hushmail.com contact address. Further to this, ITWeb Domain Protection list their location as Panama (more here), a country that's become a favourite amongst organized criminals online (e.g. EstDomains and the RBN), but interestingly, earlier this year, according to an arbitration, they listed themselves as being in India.

See Google for a ton of people complaining about ITWeb Domain Protection;

http://www.google.co.uk/search?hl=en&q=%22ITWEB+Domain+Protection%22&start=10&sa=N

And who is providing the hosting for this domain? HostFresh of course - same as last time.

inetnum: 116.50.8.0 - 116.50.15.255
netname: HOSTFRESH
descr: HostFresh
descr: Internet Service Provider
country: HK
admin-c: PL466-AP
tech-c: PL466-AP
status: ALLOCATED PORTABLE
mnt-by: APNIC-HM
mnt-lower: MAINT-HK-HOSTFRESH
mnt-routes: MAINT-HK-HOSTFRESH
remarks: Please send Spam & Abuse report to
remarks: abuse@hostfresh.com
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: hm-changed@apnic.net 20070307
source: APNIC

person: Piu Lo
nic-hdl: PL466-AP
e-mail: ipadmin@hostfresh.com
address: No. 500, Post Office, Tuen Mun, N.T., Hong Kong
phone: +852-35979788
fax-no: +852-24522539
country: HK
changed: ipadmin@hostfresh.com 20071025
mnt-by: MAINT-HK-HOSTFRESH
source: APNIC


I have sent Directi an e-mail asking why they've allowed cr4nk to register a new domain with them, given their known (and still ongoing) history of trying to exploit web servers via RFI (Remote File Inclusion) and DCI (Direct Code Injection), and will let you know if/when I receive a response (I'm not hopeful).
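
The checks made by hand on the two records above (privacy-proxy registrant, free webmail contact, a registration only days old, and whether the hosting IP really sits inside the HostFresh allocation) can be made mechanical. The following Python is an added example, not code from the original post; it embeds shortened, constructed copies of the records quoted above, and the watch-lists and the 30-day threshold are assumptions you would tune yourself.

```python
import ipaddress
from datetime import datetime, timezone
# Constructed samples: shortened copies of the records quoted in the post.
REGISTRAR_WHOIS = """\
Registrant Name: ITWEB Domain Protection
Registrant Country: Panama
Registrant Email: itweb@hushmail.com
Domain Registration Date: Tue Sep 23 01:37:49 GMT 2008
"""
APNIC_INETNUM = """\
inetnum: 116.50.8.0 - 116.50.15.255
"""
# The "Whois database was last updated on" stamp from the post.
SNAPSHOT = datetime(2008, 10, 3, 20, 57, 20, tzinfo=timezone.utc)
# Assumed watch-lists; a real deployment would maintain its own.
PRIVACY_PROXIES = {"itweb domain protection"}
WEBMAIL_DOMAINS = {"hushmail.com"}

def parse_record(text):
    # Turn 'key: value' lines into a dict; repeated keys become lists.
    rec = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        rec.setdefault(key, []).append(value)
    return rec

def registration_age_days(rec, now=SNAPSHOT):
    # Registrar stamp looks like 'Tue Sep 23 01:37:49 GMT 2008'.
    stamp = rec["Domain Registration Date"][0]
    created = datetime.strptime(stamp, "%a %b %d %H:%M:%S GMT %Y")
    return (now - created.replace(tzinfo=timezone.utc)).days

def whois_flags(rec, now=SNAPSHOT):
    # Indicators the post relies on, in the order it raises them.
    flags = []
    if rec.get("Registrant Name", [""])[0].lower() in PRIVACY_PROXIES:
        flags.append("privacy-proxy registrant")
    email = rec.get("Registrant Email", [""])[0].lower()
    if email.rsplit("@", 1)[-1] in WEBMAIL_DOMAINS:
        flags.append("webmail contact address")
    if registration_age_days(rec, now) < 30:   # assumed threshold
        flags.append("registered under 30 days ago")
    return flags

def ip_in_inetnum(ip, rec):
    # True if `ip` lies inside the record's 'lo - hi' inetnum range.
    lo, hi = (s.strip() for s in rec["inetnum"][0].split("-"))
    return ipaddress.ip_address(lo) <= ipaddress.ip_address(ip) <= ipaddress.ip_address(hi)
```

Run against the sample, whois_flags raises all three indicators and ip_in_inetnum confirms 116.50.15.114 is inside the HostFresh block.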

Other domains on this IP block include;

References:

hpHosts - cr4nk.us
http://hosts-file.net/?s=cr4nk.us

cr4nk.ws again - another Directi, LogicBoxes, LiquidWeb exploit gang
http://hphosts.blogspot.com/2008/09/cr4nkws-again-another-directi.html

cr4nk.ws has moved to Hostfresh
http://hphosts.blogspot.com/2008/09/cr4nkws-has-moved-to-hostfresh.html

cr4nk.ws has gone!
http://hphosts.blogspot.com/2008/09/cr4nkws-has-gone.html

cr4nk responds - OH NOEZ!
http://hphosts.blogspot.com/2008/09/cr4nk-responds-oh-noez.html

Skiddie responds ..... again - cr4nk says thanks?
http://hphosts.blogspot.com/2008/10/skiddie-responds-again-cr4nk-says.html
