The IPs in this case are:
209.126.131.87
ASN: 10439 209.126.128.0/17 CARINET - CariNet, Inc.
7install.com - [email protected] GODADDY.COM, LLC
7install.info - [email protected] GODADDY.COM, LLC
7searchbox.com - [email protected] GODADDY.COM, LLC
analytic-login.com - [email protected] GODADDY.COM, LLC
cerberav.us - [email protected] GODADDY.COM, LLC
freedownlodenow.com - [email protected] GODADDY.COM, LLC
incomeinstall.net - [email protected] GODADDY.COM, LLC
installmonster.com - [email protected] GODADDY.COM, LLC
megafreedownload.com - [email protected] GODADDY.COM, LLC
91.214.201.126
ASN: 49527 91.214.200.0/22 ROXNET-COM-AS SRL ROXNET-COM
unsecuredconnection.com - Henry Nguyen Gong [email protected] BIZCN.COM, INC
updatedflashplayer.com - Henry Nguyen Gong [email protected] BIZCN.COM, INC
updflashplayer.com - Henry Nguyen Gong [email protected] BIZCN.COM, INC
91.214.201.148
ASN: 49527 91.214.200.0/22 ROXNET-COM-AS SRL ROXNET-COM
198.199.65.137
ASN: 46652 198.199.64.0/20 SERVERSTACK-ASN - ServerStack, Inc.
alwaysdownloads.com - Admin / [email protected] ENOM, INC.
8.29.133.130
ASN: 30152 8.29.128.0/21 BEYOND-HOSTING - Beyond Hosting, LLC
freegiveawayoffers.com - Admin / [email protected] ENOM, INC.
8.29.133.189
ASN: 30152 8.29.128.0/21 BEYOND-HOSTING - Beyond Hosting, LLC
javainstalls.com - Admin / [email protected] ENOM, INC.
184.105.178.69
ASN: 6939 184.104.0.0/15 HURRICANE - Hurricane Electric, Inc
yesdownloads.com - Admin / [email protected] GODADDY.COM, LLC
dl.yesdownloads.com
adobeflashfreedownload.com - Admin / [email protected] GODADDY.COM, LLC
avgantivirusforfree.com - Admin / [email protected] GODADDY.COM, LLC
downloadmessengerfree.com - Admin / [email protected] GODADDY.COM, LLC
installjavafree.com - Admin / [email protected] GODADDY.COM, LLC
yahoomessengerforfree.com - Domain Administrator / [email protected] Markmonitor.com
141.101.125.155
ASN: 13335 141.101.125.0/24 CLOUDFLARENET - CloudFlare, Inc.
getsoftfree.com - Admin / [email protected] ENOM, INC.
If you have a gander through the domains, you'll no doubt notice the likes of "AVG" being impersonated, but there's also another one - cerberav.us, impersonating cerberav.com (Spanish AV company).
Funny thing is, the companies involved in the use of the fake Flash/Java etc. deception are still trying to convince me that they're not doing anything wrong. On that subject, iLivid are STILL not responding, and still using things like this;
As you've no doubt already guessed, AirInstaller, who I wrote about previously, are still using the very same tactics. For example;
hxxp://trkur.com/trk?o=7945&p=71676 -> hxxp://globalpromotions.kidsclothingsto ... %3A%3A7945 --> hxxp://globalpromotions.kidsclothingsto ... ameGB.html
globalpromotions.kidsclothingstore.org in case you're wondering, is housed at;
208.87.34.151 - 208-87-34-151.securehost.com - 15146 - 15146 208.87.32.0/21 CABLEBAHAMAS - Cable Bahamas
23.20.106.130 - ec2-23-20-106-130.compute-1.amazonaws.com - 14618 - 14618 23.20.0.0/15 AMAZON-AES - Amazon.com, Inc.
5.199.171.205 - hst-171-205.digital-forex.net - 16125 - 16125 5.199.168.0/22 DC-AS UAB Duomenu Centras
75.101.216.99 - ec2-75-101-216-99.compute-1.amazonaws.com - 14618 - 14618 75.101.128.0/17 AMAZON-AES - Amazon.com, Inc.
Not surprisingly, some of the companies have resorted to trying to block me seeing the sites on their IPs (they're about as successful at this, as the skiddies, and a few hosts/ASNs have been - not realising I've got far more than one or two IPs at my disposal - woops!).
http://hphosts.blogspot.co.uk/2013/10/a ... flash.html