Thursday, February 23, 2006

Block traffmoney.biz, traffnew.biz, traffbest.biz, traffweb.biz, traffdollars.biz, traffsale1.biz, traffbucks.biz & traffcool.biz

traffmoney.biz, traffnew.biz, traffbest.biz, traffweb.biz, traffdollars.biz, traffsale1.biz, traffbucks.biz and traffcool.biz deliver threats. All three web sites are at one address: 85.249.23.119



traffmoney.biz/dl/fillmemadv640.htm (JS_ONLOADXPLT.G)
traffmoney.biz/dl/java.jar (JAVA_BYTEVER.S in NewSecurityClassLoader.class & JAVA_BYTEVER.S in NewURLClassLoader.class)
traffmoney.biz/dl/bag.htm
traffmoney.biz/dl/loaderadv640.jar (JAVA_BYTEVER.A in Dummy.class)
traffmoney.biz/dl/adv640.php

traffnew.biz/dl/java.jar (JAVA_BYTEVER.S in NewSecurityClassLoader.class & JAVA_BYTEVER.S in NewURLClassLoader.class)
traffnew.biz/dl/bag.htm
traffnew.biz/dl/loaderadv640.jar (JAVA_BYTEVER.A in Dummy.class)
traffnew.biz/dl/adv640.php

traffbest.biz/dl/adv438.php (JS_AGENT.BXY)
traffbest.biz/dl/fillmemadv438.htm (JS_ONLOADXPLT.G)
traffbest.biz/dl/bag.htm (JS_ONLOADXPLT.A)
traffbest.biz/dl/loaderadv438.jar (JAVA_SHINWOW.E in Matrix.class)
traffbest.biz/dl/bag.htm JS_ONLOADXPLT.A
traffbest.biz/dl/fillmemadv428.htm JS_ONLOADXPLT.G
traffbest.biz/dl/loaderadv428.jar
traffbest.biz/dl/adv428.php
traffbest.biz/dl/java.jar (NewURLClassLoader.class) JAVA_BYTEVER.S

traffweb.biz/dl/fillmemadv774.htm (JS_ONLOADXPLT.G)
traffweb.biz/dl/loaderadv774.jar
traffweb.biz/dl/GetAccess.class
traffweb.biz/dl/adv799.php
traffweb.biz/dl/java.jar
traffweb.biz/dl/bag.htm
traffweb.biz/dl/Counter.class
traffweb.biz/dl/adv774.php
traffweb.biz/dl/java.jar (NewSecurityClassLoader.class) JAVA_BYTEVER.S (NewURLClassLoader.class) JAVA_BYTEVER.S
traffweb.biz/dl/fillmemadv798.htm JS_ONLOADXPLT.G
traffweb.biz/dl/loaderadv798.jar (Dummy.class) JAVA_BYTEVER.A
traffweb.biz/dl/adv798.php
traffweb.biz/dl/bag.htm JS_ONLOADXPLT.A
traffweb.biz/dl/adv764.php
traffweb.biz/dl/loaderadv764.jar (JAVA_BYTEVER.A)
traffweb.biz/dl/fillmemadv764.htm (JS_ONLOADXPLT.G)

traffdollars.biz/dl/fillmemadv598.htm JS_ONLOADXPLT.G
traffdollars.biz/dl/loaderadv598.jar (Dummy.class) JAVA_BYTEVER.A
traffdollars.biz/dl/bag.htm JS_ONLOADXPLT.A
traffdollars.biz/dl/java.jar (NewSecurityClassLoader.class) JAVA_BYTEVER.S (NewURLClassLoader.class) JAVA_BYTEVER.S
traffdollars.biz/dl/adv598.php

traffcool.biz/dl/fillmemadv542.htm JS_ONLOADXPLT.G
traffcool.biz/dl/adv542.php
traffcool.biz/dl/loaderadv542.jar (Dummy.class) JAVA_BYTEVER.A
traffcool.biz/dl/java.jar (NewSecurityClassLoader.class) JAVA_BYTEVER.S
traffcool.biz/dl/java.jar (NewURLClassLoader.class) JAVA_BYTEVER.S
traffcool.biz/dl/bag.htm JS_ONLOADXPLT.A






"traffmoney", "traffnew" and "traffdollars" use the same IP address and the same registration information.



WHOIS traffmoney.biz, traffnew.biz, traffdollars.biz?




traffmoney.biz = [ 85.249.23.119 ]
Domain Name: TRAFFMONEY.BIZ
Domain ID: D12368897-BIZ
Sponsoring Registrar: TLDS INC.
Sponsoring Registrar IANA ID: 320
Domain Status: clientTransferProhibited
Registrant ID: 6510552-SRSPLUS
Registrant Name: Jason Coffman
Registrant Organization: Private person
Registrant Address1: 908 Alder St
Registrant City: Philadelphia
Registrant State/Province: PA
Registrant Postal Code: 19147
Registrant Country: United States
Registrant Country Code: US
Registrant Phone Number: 1.74952171179
Registrant Email: admin@toolbarbest.biz

WHOIS traffbest.biz [ = 85.249.23.119 = sr-customers-23-119.justdns.org]
Jason Coffman of Philadelphia, PA AKA admin@toolbarbest.biz





OK, then WHOIS toolbarbest.biz?



toolbarbest.biz = [ 85.249.23.117 ]
Domain Name: TOOLBARBEST.BIZ
Domain ID: D11890133-BIZ
Sponsoring Registrar: TLDS INC.
Sponsoring Registrar IANA ID: 320
Domain Status: clientTransferProhibited
Registrant ID: 6488994-SRSPLUS
Registrant Name: Alexander Pushkin
Registrant Organization: Home Home
Registrant Address1: Pushkina str. - 1 - 1
Registrant City: Moscow
Registrant Postal Code: 123456
Registrant Country: Russian Federation
Registrant Country Code: RU
Registrant Phone Number: 78.462788201
Registrant Email: admin@newtoolbar.biz




Literary giant Alexander Sergeevich Pushkin (1799-1837)? I wonder if Jason Coffman is a real person, and if he has registered any other domain names?


WHOIS newtoolbar.biz? (Ezhi Brozkevitsh, Warszawa, Poland, admin@buytraff.biz)
WHOIS buytraff.biz (Ezhi Brozkevitsh, Warszawa, Poland, darkgt@mail.ru)
There that trail ends.

Reverse name resolution of 85.249.23.119 shows it belongs to Sergey Shishkin of Sergedjus Vlasovas in Klaipeda LT (Lithuania) sergedjus@eexhost.com

1 Comments:

At 11:14 AM, Anonymous Anonymous said...

clvcnt.com/fuz/
pohuicnt.com/fuz/
qwecnt.com/fuz/
yugoscnt.com/fuz/


these are related and deploy trojans, please be careful

 
