Author Topic: DirectI: A return to old form?  (Read 1827 times)

0 Members and 1 Guest are viewing this topic.

July 23, 2009, 10:37:17 am
Read 1827 times

MysteryFCM

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
Quote
Have DirectI returned to old form again, or is this just a coincidence?

http://msmvps.com/blogs/spywaresucks/archive/2009/07/22/1704910.aspx

The screenshot above left, shows a domain used in an exploit campaign, registered via DirectI. Then of course, there's this lot (all exploit domains so DO NOT LOAD IN A BROWSER!), all of which resolve to:

IP: 78.47.25.168
PTR: static.168.25.47.78.clients.your-server.de
Desc: FastVPS Ltd, St Petersburg, Russia

Read more
http://hphosts.blogspot.com/2009/07/directi-return-to-old-form.html
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

July 23, 2009, 03:34:15 pm
Reply #1

MysteryFCM

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net