Malvertizing domains: go-scan-pro.com (and friends)...
Hit this one today:
go-scan-pro.com - 78.157.143.184 - Latvia, Vdhost Ltd
ICANN Registrar: REGTIME LTD.
Created on: 7 October 2008
NS: NS1.SITELUTIONS.COM
NS: NS2.SITELUTIONS.COM
Registrant:
Petr Bernatzik
Email: feetecho@gmail.com
Organization: Bernatzik Co
Address: Dobevska 877/4
City: Praha
State: Kamyk
ZIP: 14300
Country: CZ
Phone: +420.60176712
Fax:
Shared IP:
SITELUTIONS.COM - 69.26.178.224 - New Jersey - Englishtown - Inforelay Online Systems Inc
ICANN Registrar: Enom, Inc
Created: 11 July 2002
Exposure via:
boldmoves.net/modulesBAK/mod_wrap/cnaeldr.html
Note: The browser hijack does not occur if the URL is accessed directly (404 Not Found error), but will occur if the site is accessed via a search engine.
Nasty code:
The directory boldmoves.net/modulesBAK/mod_wrap/ is wide open (see screenshot), revealing what must be hundreds of different HTML files, all dated 11 December 2007. There is also an IMG subdirectory that contains a couple of image files, and a 0-byte PHP file (xmlrpc.php).
The site's admin and technical contacts have been notified.
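The note above says the hijack only happens for visitors arriving from a search engine, while a direct request gets a 404, which points to a response keyed on the Referer header. As an added example (not part of the original post), here is a check a site owner could run: it requests a page with and without a search-engine Referer and reports any difference. The Referer strings, function names and the fake site are constructed for illustration.

```python
import urllib.error
import urllib.request

# Referer values a search-engine click-through would carry (constructed samples).
SEARCH_REFERERS = (
    "https://www.google.com/search?q=example",
    "https://www.bing.com/search?q=example",
)

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # report the 3xx instead of following it

def http_fetch(url, referer=None):
    """Return (status, Location header, body length) for one GET request."""
    headers = {"User-Agent": "Mozilla/5.0"}
    if referer:
        headers["Referer"] = referer
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(urllib.request.Request(url, headers=headers), timeout=10) as r:
            return r.status, r.headers.get("Location"), len(r.read())
    except urllib.error.HTTPError as err:  # 3xx/4xx/5xx arrive here
        return err.code, err.headers.get("Location"), len(err.read())

def referer_cloaking(url, fetch=http_fetch):
    """Compare a direct request with search-referred ones; list what differs."""
    direct = fetch(url)
    findings = []
    for referer in SEARCH_REFERERS:
        referred = fetch(url, referer)
        reasons = [name for name, a, b in
                   zip(("status", "location", "size"), direct, referred) if a != b]
        if reasons:
            findings.append({"referer": referer, "direct": direct,
                             "referred": referred, "differs": reasons})
    return findings

def fake_cloaked_site(url, referer=None):
    # Constructed stand-in for the behaviour in the note: 404 when requested
    # directly, a redirect when the request carries a search-engine Referer.
    if referer and "/search?" in referer:
        return 302, "http://landing.invalid/", 0
    return 404, None, 196

if __name__ == "__main__":
    for hit in referer_cloaking("http://site.invalid/page.html", fake_cloaked_site):
        print(hit["referer"], hit["direct"], "->", hit["referred"], hit["differs"])
```

A difference in body size alone can be normal on dynamic pages; a changed status code or Location header is the stronger signal.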