Referred to: whois.above.com
By: whois.internic.net
Registration Service Provided By: ABOVE.COM, INC.
Contact: +613.95897946
Domain Name: MALWAREABYTES.COM
Registrant:
Lu Lan
1187/28-601 Nam Natou road
Shanghai
200125
CN
lulan@hotpmail.com
Tel. +86.13671866757
Fax.
Creation date: 2009-11-11
Expiration Date: 2010-11-11
Domain servers in listed order:
ns1.mid-2.com
ns2.mid-2.com
Administrative Contact:
Lu Lan
1187/28-601 Nam Natou road
Shanghai
200125
CN
lulan@hotpmail.com
Tel. +86.13671866757
Fax.
Technical Contact:
Lu Lan
1187/28-601 Nam Natou road
Shanghai
200125
CN
lulan@hotpmail.com
Tel. +86.13671866757
Fax.
Billing Contact:
Lu Lan
1187/28-601 Nam Natou road
Shanghai
200125
CN
lulan@hotpmail.com
Tel. +86.13671866757
Yep, I noticed the "p" in hotpmail.com too, in the registrant's e-mail address. The site certainly isn't registered to Microsoft, nor hosted on a Microsoft-owned IP.
Referred to: whois.PublicDomainRegistry.com
By: whois.internic.net
Domainname: HOTPMAIL.COM
Creation date: 11-Dec-2008
Expiry date: 11-Dec-2014
Domain status: ACTIVE
Registrant:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Administrative:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Technical:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Nameservers:
ns7.ns0.com
ns188.pair.com
It did, however, redirect to hotmail.com:
| # | Result | Protocol | Host | URL | Body | Caching | Content-Type | Process | Comments | Custom |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 301 | HTTP | hotpmail.com | / | 0 | | text/html | avant:4476 | | |
| 2 | 302 | HTTP | www.hotmail.com | / | 314 | no-cache Expires: -1 | text/html; charset=utf-8 | avant:4476 | | |
| 3 | 200 | HTTP | login.live.com | /login.srf?wa=wsignin1.0&rpsnv=11&ct=1258135091&rver=6.0.5285.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=2057&id=64855&mkt=en-gb | 2,306 | no-cache Expires: Fri, 13 Nov 2009 17:57:14 GMT | text/html; charset=iso-8859-1 | avant:4476 | | |
| 4 | 200 | HTTP | login.live.com | /pp700/images/LiveID16nc.gif?1258135090920 | 388 | no-cache | image/gif | avant:4476 | | |
A little research shows that the chap who registered these domains also owns a few others, including:
forumactivationlink.com
boysfoog.com
telcelcom.com
dcbdc.com
uncdf.com
data-bg.net
iraklis-fc.com
horse-gams.com
croyscabin.com
filehopo.com
lacasadelpayaso.com
... and I'm sure that if I spent more time looking, I could find a heck of a lot more, based on what I've seen thus far. Indeed, given that the URLs the above take you through are very similar (and in some cases identical) to those malwaredomainlist2.com takes you to, and that the same registrar is involved, I don't think it's a stretch to say the same person is responsible for this one too.
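Both malwareabytes.com and the registrant's hotpmail.com address sit one inserted character away from a well-known name. The following is an added example, not part of the original post: it pulls the registered name and e-mail domains out of a WHOIS record in either layout quoted above and flags any that fall within one edit of a watchlist. The watchlist, function names and distance threshold are assumptions made for illustration.

```python
import re

# Names worth protecting (assumed watchlist for this example).
WATCHLIST = ["malwarebytes.com", "hotmail.com"]

# Constructed sample: a few fields trimmed from the WHOIS record quoted in this post.
SAMPLE_WHOIS = """\
Domain Name: MALWAREABYTES.COM
Registrant:
Lu Lan
lulan@hotpmail.com
Domain servers in listed order:
ns1.mid-2.com
"""

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    # First row and column hold the cost of building a prefix from nothing.
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def domains_in_record(text):
    """Collect the registered name and every e-mail domain in a WHOIS record."""
    # Matches both "Domain Name:" and "Domainname:" as seen in the two records.
    found = re.findall(r"(?im)^Domain\s?name:\s*(\S+)", text)
    found += re.findall(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)", text)
    return sorted({d.lower() for d in found})

def lookalikes(text, watchlist=WATCHLIST, max_distance=1):
    """Return (seen, legitimate, distance) for near-misses of watchlist names."""
    hits = []
    for seen in domains_in_record(text):
        for legit in watchlist:
            dist = edit_distance(seen, legit)
            if 0 < dist <= max_distance:  # exact matches are the real thing
                hits.append((seen, legit, dist))
    return hits

if __name__ == "__main__":
    for seen, legit, dist in lookalikes(SAMPLE_WHOIS):
        print(f"{seen} is {dist} edit(s) from {legit}")
```
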
Special thanks to Anthony at MalwareURL for informing me about malwareabytes.com.