Blog for hpHosts, and whatever else I feel like writing about ....

Saturday, 8 October 2011

ALERT: microsoft-key.com, 91.217.153.17

microsoft-key.com was registered through the well known criminal friendly, BIZCN on October 7th (key-microsoft.com existed previously, same IP range), and not surprisingly, is up to no good. The domain is presently only in German for some reason (auto-redirs to /de-DE/, and no other language dirs seem to exist).

A translation via Google, since I don't speak German, shows;

Welcome to the Microsoft activation site! This site is suitable for the activation server and Microsoft to activate copies of Windows. If you receive a message that your copy of Windows is not genuine, have received, so you need to urgently purchase an activation key and activate your copy of Windows. In the opposite case, your IP address to the police and handed over to § 126 para 3 UrhG be regarded as a violation of copyright.

The activation key you can get to the payment on this site.
You just need a paysafecard worth 100 € to buy and enter the PIN.

To continue the activation, you can also give you the identification number awarded


Quite why it's only targeting German speaking individuals is puzzling, but I suspect it's likely only a matter of time before it's active in other languages (already working on takedown of course, and have notified MSRT).

The IP it's living at will come as no surprise either;

IP: 91.217.153.17
IP PTR: Resolution failed
ASN: 41390 91.217.153.0/24 RN-DATA-LV RN Data, SIA

The entire range has and continues to be, a haven for criminals and malicious activity, with malware and phishing present on virtually every IP. Personally I'd strongly urge you blackhole it if you've not already.

No comments: