Blog for hpHosts, and whatever else I feel like writing about ....

Thursday 2 July 2009

malwaredomainslist.com - The rogues love MDL!

It would appear our favourite rogues, Personal Antivirus (PAV), are fans of Malware Domain List, as evidenced by a domain found by SysAdMini, administrator of MDL;

malwaredomainslist.com - 78.47.91.154 (static.154.91.47.78.clients.your-server.de)

Recognize the IP? You should do, it's associated with a previous post and belongs to Senpai IT Solutions.



Interestingly, the WhoIs for this one isn't hidden;

Domain name: malwaredomainslist.com
Status: Active

Protection Status: public
( make contact info private at http://www.now.cn/domain/domainPrivate.php )

Registrant:
Name: Rauf K Abdur
Address: 79-E, Al-Rehman Chamber
City: Islamabad
Province/state: Islamabad
Country: PK
Postal Code: 53241

Administrative Contact:
Name: Rauf K Abdur
Organization: n/a
Address: 79-E, Al-Rehman Chamber
City: Islamabad
Province/state: Islamabad
Country: PK
Postal Code: 53241
Phone: +9.2039702341
Fax: +9.2039702341
Email: podbisb@hotmail.com

Technical Contact:
Name: Rauf K Abdur
Organization: n/a
Address: 79-E, Al-Rehman Chamber
City: Islamabad
Province/state: Islamabad
Country: PK
Postal Code: 53241


Nameserver Information:
ns1.everydns.net
ns2.everydns.net
ns3.everydns.net
ns4.everydns.net

Create: 2009-06-22 23:43:46
Update: 2009-07-02
Expired: 2010-06-22


It's processors are also hosted at Senpai IT Solutions;

https://secure.privatesecuredpayments.com/billpav/?

Domain name: privatesecuredpayments.com
Status: Active

Protection Status: public
( make contact info private at http://www.now.cn/domain/domainPrivate.php )

Registrant:
Name: Viktor A Temchenko
Address: Geroev Truda
City: Kharkov
Province/state: NA
Country: UA
Postal Code: 61000

Administrative Contact:
Name: Viktor A Temchenko
Organization: NA
Address: Geroev Truda
City: Kharkov
Province/state: NA
Country: UA
Postal Code: 61000
Phone: +3.80936328480
Fax: +3.80936328480
Email: TemchenkoViktor@googlemail.com

Technical Contact:
Name: Viktor A Temchenko
Organization: NA
Address: Geroev Truda
City: Kharkov
Province/state: NA
Country: UA
Postal Code: 61000


Nameserver Information:
66217.mercury.orderbox-dns.com
66217.venus.orderbox-dns.com
66217.earth.orderbox-dns.com
66217.mars.orderbox-dns.com

Create: 2009-01-13 17:36:24
Update: 2009-02-03
Expired: 2010-01-13


http://secure.purchuase-onlinesoftware.com/buy.php?nh=1&id=

Domain name: purchuase-onlinesoftware.com
Status: Active

Protection Status: public
( make contact info private at http://www.now.cn/domain/domainPrivate.php )

Registrant:
Name: Rauf K Abdur
Address: 79-E, Al-Rehman Chamber
City: Islamabad
Province/state: Islamabad
Country: PK
Postal Code: 53241

Administrative Contact:
Name: Rauf K Abdur
Organization: n/a
Address: 79-E, Al-Rehman Chamber
City: Islamabad
Province/state: Islamabad
Country: PK
Postal Code: 53241
Phone: +9.2039702341
Fax: +9.2039702341
Email: podbisb@hotmail.com

Technical Contact:
Name: Rauf K Abdur
Organization: n/a
Address: 79-E, Al-Rehman Chamber
City: Islamabad
Province/state: Islamabad
Country: PK
Postal Code: 53241


Nameserver Information:
ns1.everydns.net
ns2.everydns.net
ns3.everydns.net
ns4.everydns.net

Create: 2009-06-22 23:48:37
Update: 2009-06-25
Expired: 2010-06-22


http://centralamrecanculture.com/buy.php

Domain name: centralamrecanculture.com
Status: Active

Protection Status: public
( make contact info private at http://www.now.cn/domain/domainPrivate.php )

Registrant:
Name: Jay C Harry
Address: 53 West Jackson
City: Illinois
Province/state: Chicago
Country: US
Postal Code: 20003

Administrative Contact:
Name: Jay C Harry
Organization: n/a
Address: 53 West Jackson
City: Illinois
Province/state: Chicago
Country: US
Postal Code: 20003
Phone: +1.3125440200
Fax: +1.4152777938
Email: info@storecentral.com

Technical Contact:
Name: Jay C Harry
Organization: n/a
Address: 53 West Jackson
City: Illinois
Province/state: Chicago
Country: US
Postal Code: 20003


Nameserver Information:
ns1.everydns.net
ns2.everydns.net
ns3.everydns.net
ns4.everydns.net

Create: 2009-06-09 21:42:37
Update: 2009-06-25
Expired: 2010-06-09


The e-mail address for the rogues are likely fake, especially the Hotmail ones, if the following is anything to go by (they're either fake, or the government is involved in this ;o));

http://www.pakistan.gov.pk/divisions/ContentInfo.jsp?DivID=10&cPath=91_97_746&ContentID=3810

/edit 17-09-2009

I've removed reference to Senpai IT Solutions being part of the RBN as it appears I was wrong with this connection.
Posted by MysteryFCM at 23:01

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)