AS133618 (TRELLIAN-AS-AP – 103.224.212.222) – Direct Search Network

The cyber security group MalwareURL.com, whose slogan is FIGHTING MALWARE AND CYBER CRIMINALITY, has identified 109 domains associated with malware distribution that are directly linked to the Trellian Direct Search Network.

Partial listing can be found below.

  1. zemeisonline.net
  2. 4.z23td9r.ipeejretireby40.net
  3. eewoochelsea-fc.org
  4. eegooitusersmagazine.net
  5. 461.hsnf.yahwikoepota.net
  6. thonhoan.com


WhoIs Companydir.in? ~ samirnet ~ Ayat Media

This is the cybersquatter that purchased the domain name scamFRAUDalert.org and intends to spread malware using SFA.org.
Name: Domain Manager
Organisation: samirnet – domain names for sale
Part of Ayat Media Corporation
Street: Flat No. 48 Cunningham Apts Edward Road
City: Bangalore
Postalcode: 560052
Country: India
Telephone: +91.802260640
Phone Type: geographic : Bengaluru, Karnataka Bharat Sanchar Nigam Ltd (BSNL)
Email: United States Related to 200 sites
Part of Ayat Media Corporation
178 B-Block Nishistanbul
Bahcelievler | 34196 Istanbul | Turkey
Tel: +90 212 603 61 60 | Fax: +90 212 603 68 78
info@ayatmedia[dot]net | http://www.ayatmedia.net
http://www.SamirNet.com – e-mail samiromran@gmail.com



Address lookup
canonical name:companydir.in
aliases
addresses: 95.211.205.167
Domain Whois record

Queried whois.inregistry.in with “companydir.in”…

Domain ID:D10449878-AFIN
Domain Name:COMPANYDIR.IN

Created On:25-Jan-2016 06:09:29 UTC
Last Updated On:03-Apr-2017 13:20:29 UTC
Expiration Date:25-Jan-2018 06:09:29 UTC
Sponsoring Registrar:Endurance Domains Technology LLP (R173-AFIN)
Status:CLIENT TRANSFER PROHIBITED

Reason:
Registrant ID:DI_15924858
Registrant Name:Denis
Registrant Organization:N/A
Registrant Street1:Tymoshenko 20
Registrant City:Kiev
Registrant State/Province:Kiev
Registrant Postal Code:02232
Registrant Country:UA
Registrant Phone:+380.445920216
Registrant Email:imitris@gmail.com

Admin ID:DI_15924858
Admin Name:Denis
Admin Organization:N/A
Admin Street1:Tymoshenko 20
Admin City:Kiev
Admin State/Province:Kiev
Admin Postal Code:02232
Admin Country:UA
Admin Phone:+380.445920216
Admin Email:imitris@gmail.com

Tech ID:DI_15924858
Tech Name:Denis
Tech Organization:N/A
Tech Street1:Tymoshenko 20
Tech City:Kiev
Tech State/Province:Kiev
Tech Postal Code:02232
Tech Country:UA
Tech Phone:+380.445920216
Tech Email:imitris@gmail.com

Name Server:36063.MERCURY.ORDERBOX-DNS.COM
Name Server:36063.VENUS.ORDERBOX-DNS.COM
Name Server:36063.EARTH.ORDERBOX-DNS.COM
Name Server:36063.MARS.ORDERBOX-DNS.COM

DNSSEC:Unsigned
Network Whois record

Queried whois.ripe.net with “-B 95.211.205.167”…
Information related to ‘95.211.201.0 – 95.211.207.255’
Abuse contact for ‘95.211.201.0 – 95.211.207.255’ is ‘abuse@nl.leaseweb.com’

inetnum: 95.211.201.0 – 95.211.207.255
netname: LEASEWEB
descr: LeaseWeb Netherlands B.V.
remarks: Please send all abuse notifications to the following email address: abuse@nl.leaseweb.com. To ensure proper processing of your abuse notification, please visit the website http://www.leaseweb.com/abuse for notification requirements. All police and other government agency requests must be sent to subpoenas@nl.leaseweb.com.
country: NL
admin-c: LSW1-RIPE
tech-c: LSW1-RIPE
status: ASSIGNED PA
mnt-by: LEASEWEB-NL-MNT
created: 2013-07-11T17:34:34Z
last-modified: 2015-09-30T22:18:21Z
source: RIPE

person: RIP Mean
address: P.O. Box 93054
address: 1090BB AMSTERDAM
address: Netherlands
phone: +31 20 3162880
fax-no: +31 20 3162890
e-mail: ripe@network.leaseweb.com
nic-hdl: LSW1-RIPE
notify: ripe@leaseweb.com
mnt-by: LEASEWEB-NL-MNT
created: 2005-06-07T14:36:03Z
last-modified: 2017-10-30T21:46:47Z
source: RIPE

% Information related to ‘95.211.0.0/16AS60781’

route: 95.211.0.0/16
descr: LEASEWEB
origin: AS60781
remarks: LeaseWeb
mnt-by: LEASEWEB-NL-MNT
created: 2014-03-11T14:28:00Z
last-modified: 2015-09-30T23:00:04Z
source: RIPE

% This query was served by the RIPE Database Query Service version 1.90 (ANGUS)


These Sites May Also Be Related:-


T.CO/IB1OLINUVY=Malware Distributor

Essentially, what this CRIMINAL=samirnet2@gmail.com has done is hijack the scamFRAUDalert Twitter URL and redirect it to scamfraudalert.org=MALWARE

Cybersquatting is a common practice online, and scamFRAUDalert is no exception. What is increasingly becoming annoying is the amount of interest in our domain name. Zillions of so-called scam ALERT sites have emerged. A cyber criminal has purchased the domain name scamfraudalert.org and is actively attempting to infect as many computers as he/she can.

SCAMMERS have reinvented themselves and now provide ALERTS all over the world to confuse, muddy and discredit legitimate scam sites such as ours.

Cybersquatting is a practice of registering, selling or using a domain name with the intent of profiting from the goodwill of someone else’s trademark. It generally refers to the practice of buying up domain names that use the names of existing businesses with the intent to sell the names for a profit to those businesses.

Below is the latest attempt of this squatter – URL discarded t.co / iB1oliNuVY
You get redirected to a Malware Infested Site

Read About the Phishing and Malware Expedition with domain scamFRAUDalert.org (screenshot below)



Domain Whois record
Queried whois.internic.net with “dom scamfraudalerts.com”…

Domain Name: SCAMFRAUDALERTS.COM
Registry Domain ID: 2096067633_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namebright.com
Registrar URL: http://www.NameBright.com
Updated Date: 2017-02-08T13:08:54Z
Creation Date: 2017-02-07T19:14:41Z
Registry Expiry Date: 2018-02-07T19:14:41Z
Registrar: DropCatch.com 808 LLC
Registrar IANA ID: 2567
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NSG1.NAMEBRIGHTDNS.COM
Name Server: NSG2.NAMEBRIGHTDNS.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2017-08-30T08:44:49Z <<<


Address lookup
canonical name:scamfraudalert.org

aliases
addresses:192.184.12.62
Domain Whois record

Queried whois.publicinterestregistry.net with “scamfraudalert.org”…

Domain Name: SCAMFRAUDALERT.ORG
Registry Domain ID: D402200000001715160-LROR
Registrar WHOIS Server:
Registrar URL: http://www.sitename.com
Updated Date: 2017-05-04T03:46:53Z
Creation Date: 2017-03-04T14:30:24Z
Registry Expiry Date: 2018-03-04T14:30:24Z
Registrar Registration Expiration Date:
Registrar: SiteName Ltd.
Registrar IANA ID: 437
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited

Registry Registrant ID: C136922651-LROR
Registrant Name: Domain Manager
Registrant Organization: samirnet -domain names for sale
Registrant Street: Flat No. 48 Cunningham Apts Edward Road
Registrant City: Bangalore
Registrant State/Province:
Registrant Postal Code: 560052
Registrant Country: IN
Registrant Phone: +91.802260640
Registrant Email: samirnet2@gmail.com

Registry Admin ID: C136922651-LROR
Admin Name: Domain Manager
Admin Organization: samirnet -domain names for sale
Admin Street: Flat No. 48 Cunningham Apts Edward Road
Admin City: Bangalore
Admin State/Province:
Admin Postal Code: 560052
Admin Country: IN
Admin Phone: +91.802260640
Admin Email: samirnet2@gmail.com

Registry Tech ID: C136922651-LROR
Tech Name: Domain Manager
Tech Organization: samirnet -domain names for sale
Tech Street: Flat No. 48 Cunningham Apts Edward Road
Tech City: Bangalore
Tech State/Province:
Tech Postal Code: 560052
Tech Country: IN
Tech Phone: +91.802260640

Tech Email: samirnet2@gmail.com
Name Server: NS15.ABOVE.COM
Name Server: NS16.ABOVE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2017-08-30T08:45:24Z


from: James Ashmore [abuse@trellian.com]
to: scamFRAUDalert [scamfraudalert@gmail.com]
______________________________________
Hello,

Thank you for your message.

Acknowledgement that written correspondence has been received.

Above.com Monetization AutoPilot is a routing/redirection service only; we do not host any of the content of the domain/s or IP addresses in question. As this is the case, we dispute any claim of hosting any copyrighted content.

As we are not the governing body for these disputes, any cancellation of services will be done in accordance to the outcome of a UDRP from WIPO.

Kind regards,
James Ashmore
__________________________
Trellian.com Abuse Team: abuse@trellian.com
USA: +1 310-736-4230
Australia: +61-3-9589-7946
http://www.above.com


AUSTRALIA

Office Hours:
M-F 9:00 am to 5:00 pm
Australian Eastern Std Time

Phone: + 61-3-9589-7946
Fax: + 61-3-9589-7951

USA Office
Trellian Direct Search Network
Above.com
5220 Pacific Concourse Dr
Suite 100
Los Angeles, CA 90045

WhoIs searchingmagnified.com

scamfraudalertdotorg redirects to a MALWARE DISTRIBUTOR
http://www.searchingmagnified.com/?dn=scamfraudalert.org&pid=7POS8W0N0

ns2004.ztomy.com

Address lookup
canonical name:www.searchingmagnified.com
aliases
addresses:208.91.196.4
Domain Whois record

Queried whois.internic.net with “dom searchingmagnified.com”…

Domain Name: SEARCHINGMAGNIFIED.COM
Registry Domain ID: 1858468524_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.PublicDomainRegistry.com
Registrar URL: http://www.publicdomainregistry.com

Updated Date: 2017-05-31T17:10:52Z
Creation Date: 2014-05-13T10:19:45Z

Registry Expiry Date: 2020-05-13T10:19:45Z
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Registrar IANA ID: 303
Registrar Abuse Contact Email: abuse-contact@publicdomainregistry.com
Registrar Abuse Contact Phone: +1.2013775952
Domain Status: clientTransferProhibited
Name Server: NS1004.ZTOMY.COM
Name Server: NS2004.ZTOMY.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form:

Last update of whois database: 2017-08-19T16:04:42Z
Queried whois.publicdomainregistry.com with “searchingmagnified.com”…

Domain Name: SEARCHINGMAGNIFIED.COM
Registry Domain ID: 1858468524_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.publicdomainregistry.com
Registrar URL: http://www.publicdomainregistry.com

Updated Date: 2017-05-31T17:10:52Z
Creation Date: 2014-05-13T10:19:45Z

Registrar Registration Expiration Date: 2020-05-13T10:19:45Z
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Registrar IANA ID: 303
Domain Status: clientTransferProhibited

Registry Registrant ID: Not Available From Registry
Registrant Name: Domain Admin
Registrant Organization: Privacy Protect, LLC (PrivacyProtect.org)
Registrant Street: 10 Corporate Drive
Registrant City: Burlington
Registrant State/Province: MA
Registrant Postal Code: 01803
Registrant Country: US
Registrant Phone: +1.8022274003
Registrant Email: contact@privacyprotect.org
Registry Admin ID: Not Available From Registry

Admin Name: Domain Admin
Admin Organization: Privacy Protect, LLC (PrivacyProtect.org)
Admin Street: 10 Corporate Drive
Admin City: Burlington
Admin State/Province: MA
Admin Postal Code: 01803
Admin Country: US
Admin Phone: +1.8022274003
Admin Email: contact@privacyprotect.org
Registry Tech ID: Not Available From Registry

Tech Name: Domain Admin
Tech Organization: Privacy Protect, LLC (PrivacyProtect.org)
Tech Street: 10 Corporate Drive
Tech City: Burlington
Tech State/Province: MA
Tech Postal Code: 01803
Tech Country: US
Tech Phone: +1.8022274003
Tech Email: contact@privacyprotect.org

Name Server: ns1004.ztomy.com
Name Server: ns2004.ztomy.com

DNSSEC:Unsigned
Registrar Abuse Contact Email: abuse-contact@publicdomainregistry.com
Registrar Abuse Contact Phone: +1.2013775952
URL of the ICANN WHOIS Data Problem Reporting System:

Last update of WHOIS database: 2017-08-19T16:04:49Z

Network Whois record
Queried whois.arin.net with “n 208.91.196.4”…

NetRange: 208.91.196.0 – 208.91.197.255
CIDR: 208.91.196.0/23
NetName: CONFLUENCE-NETWORK-INC
NetHandle: NET-208-91-196-0-1
Parent: NET208 (NET-208-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS40034
Organization: Confluence Networks Inc (CN)
RegDate: 2011-04-15
Updated: 2015-11-23
Ref: https://whois.arin.net/rest/net/NET-208-91-196-0-1

OrgName: Confluence Networks Inc
OrgId: CN
Address: 3rd Floor, J & C Building, P.O. Box 362
City: Road Town
StateProv: Tortola
PostalCode: VG1110
Country: VG
RegDate: 2011-04-07
Updated: 2017-03-29
Ref: https://whois.arin.net/rest/org/CN

OrgAbuseHandle: ABUSE3065-ARIN
OrgAbuseName: Abuse Admin
OrgAbusePhone: +1-415-449-4704
OrgAbuseEmail: abuse@confluence-networks.com
OrgAbuseRef: https://whois.arin.net/rest/poc/ABUSE3065-ARIN

OrgNOCHandle: NOCAD51-ARIN
OrgNOCName: NOC Admin
OrgNOCPhone: +1-415-358-0891
OrgNOCEmail: noc@confluence-networks.com
OrgNOCRef: https://whois.arin.net/rest/poc/NOCAD51-ARIN

OrgTechHandle: TECHA29-ARIN
OrgTechName: Tech Admin
OrgTechPhone: +1-415-358-0891
OrgTechEmail: noc@confluence-networks.com
OrgTechRef: https://whois.arin.net/rest/poc/TECHA29-ARIN
DNS records

DNS query for 4.196.91.208.in-addr.arpa returned an error from the server: ServerFailure

name class type data time to live
http://www.searchingmagnified.com IN TXT v=spf1 a -all 300s (00:05:00)
http://www.searchingmagnified.com IN SOA
server: ns1004.ztomy.com
email: abuse@opticaljungle.com
serial: 2011062801
refresh: 3600
retry: 900
expire: 604800
minimum ttl: 86400
300s (00:05:00)
http://www.searchingmagnified.com IN NS ns2004.ztomy.com 300s (00:05:00)
http://www.searchingmagnified.com IN NS ns1004.ztomy.com 300s (00:05:00)
http://www.searchingmagnified.com IN PTR ns1004.ztomy.com 300s (00:05:00)
http://www.searchingmagnified.com IN A 208.91.196.4 300s (00:05:00)
searchingmagnified.com IN NS ns2004.ztomy.com 300s (00:05:00)
searchingmagnified.com IN SOA
server: ns1004.ztomy.com
email: abuse@opticaljungle.com
serial: 2011062801
refresh: 3600
retry: 900
expire: 604800
minimum ttl: 86400
300s (00:05:00)
searchingmagnified.com IN PTR ns1004.ztomy.com 300s (00:05:00)
searchingmagnified.com IN A 208.91.196.4 300s (00:05:00)
searchingmagnified.com IN TXT v=spf1 a -all 300s (00:05:00)
searchingmagnified.com IN NS ns1004.ztomy.com 300s (00:05:00)


The following A records are set to 208.91.196.4:


PAGEJUNCTION.COM – Malware Distributor

Pagejunction servers have been identified as malware distributors.
HugeDomains.com
13 years in business
2635 Walnut St
Denver, CO 80205-2230
(303) 893-0552

WhoIs

Registry Domain ID: 1777340749_DOMAIN_COM-VRSN
Registrar WHOIS server: whois.NameBright.com
Registrar URL: http://www.NameBright.com

Updated Date: 2016-01-31T00:00:00.000Z
Creation Date: 2013-01-30T19:24:18.000Z

Registrar Registration Expiration Date: 2017-01-30T00:00:00.000Z
Registrar: DomainCritics LLC
Registrar IANA ID: 1612
Registrar Abuse Contact Email: abuse@NameBright.com
Registrar Abuse Contact Phone: +1.720.496.0020
Domain Status: clientTransferProhibited

Registry Registrant ID:
Registrant Name: Name Admin
Registrant Organization:
Registrant Street: 2635 Walnut Street
Registrant City: Denver
Registrant State/Province: CO
Registrant Postal Code: 80205
Registrant Country: US
Registrant Phone: +1.3038930552
Registrant Email: support@PageJunction.com

Registry Admin ID:
Admin Name: Name Admin
Admin Organization:
Admin Street: 2635 Walnut Street
Admin City: Denver
Admin State/Province: CO
Admin Postal Code: 80205
Admin Country: US
Admin Phone: +1.303-893-0552
Admin Email: support@PageJunction.com

Registry Tech ID:
Tech Name: Name Admin
Tech Organization:
Tech Street: 2635 Walnut Street
Tech City: Denver
Tech State/Province: CO
Tech Postal Code: 80205
Tech Country: US
Tech Phone: +1.303-893-0552
Tech Email: support@PageJunction.com

Name Server: call-now.hugedomains.com
Name Server: call-now2.hugedomains.com

DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System:

PAGEJUNCTION.COM
The nameserver ns1.pagejunction.com manages the following domains :
