Author Topic: hs.2-137.zlkon.lv (94.247.2.137)  (Read 5961 times)

0 Members and 1 Guest are viewing this topic.

April 06, 2009, 03:23:12 pm
Read 5961 times

sowhat-x

  • Guest
The fake AV sites of "MS Antispyware 2009"...
(note: links to the malware executables not active at the moment)

Quote
addantivirus.com
antispylinks.com
antispylist.com
antispywareup.com
antiviruscheckout.com
antivirusup.com
goldpcguard.com
etc etc...

April 06, 2009, 03:58:43 pm
Reply #1

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Interesting. Those urls have been already reported to me as Zlkon urls.
But they resolve to 64.191.12.38 for me, not to zlkon.
Ruining the bad guy's day

April 06, 2009, 04:24:26 pm
Reply #2

sowhat-x

  • Guest
Yeap,you're totally about this...same ip resolves from here,and it seems that most of the online reverse ip services,haven't yet updated their data.
Plus several domains that were more than active during middle-March,appear to be temporarily semi-defunct currently,
they're probably in need of decentralizing some of their "merchantize"...

April 06, 2009, 04:26:55 pm
Reply #3

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Should we delete this topic until we get a real 137 address ?
Ruining the bad guy's day

April 06, 2009, 04:45:19 pm
Reply #4

sowhat-x

  • Guest
...to be 100% precise,I quickly parsed almost of the 94.247.2.x - 94.247.3.x ips during last night,
and they've certainly killed/moved lots of stuff that had been spotted in public during the 3 last months...
From the 500 about ips,for at least the 400 complaints/details could be found just via merely googling...
So yeah,remove it,makes no difference after a certain point...after all,it's not that difficult to find dns records' history if needed ;)

So the shame now goes to...AS21788 - BurstNet Technologies Inc.,if they don't get these down before they re-activate:
http://www.robtex.com/ip/64.191.12.38.html

PS:That's kinda of funny,in a twisted sense of humour of course:
http://www.webhostdir.com/news/showNews.aspx?ID=10346


April 06, 2009, 06:13:11 pm
Reply #5

MysteryFCM

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
Still resolves to .137 :)

msantispyware2009.com
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net