BadPhorm - When good ISPs go bad! :: Forums :: Phorm Discussion :: Phorm Talk
 
Russian Domain: oixssp-rubyem.net
felixcatuk
Sun Nov 07 2010, 10:04AM
felixcatuk


Registered Member #95
Joined: Wed Mar 05 2008, 12:03AM
Posts: 2626
Another domain;

oixssp-rubyem.net

Registered through:    GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name:    OIXSSP-RUBYEM.NET
Created on:    11-Feb-10
Expires on:    11-Feb-12
Last Updated on:    11-Feb-10

Registrant:
Sergey Sergeev
Stroiteley 7
Nabereznye Chelny, Russia 115407
Russian Federation


Administrative Contact:
Sergeev, Sergey abrikus@gmail.com
Stroiteley 7
Nabereznye Chelny, Russia 115407
Russian Federation
79174047481 Fax --

Technical Contact:
Sergeev, Sergey abrikus@gmail.com
Stroiteley 7
Nabereznye Chelny, Russia 115407
Russian Federation
79174047481 Fax --

See also this post for other similar domains.

[ Edited Sun Nov 07 2010, 10:06AM ]
felixcatuk
Sun Nov 07 2010, 10:10AM
IP Address; 78.110.48.164

DNS hosts; 78.110.48.130, 78.110.48.131

Reverse name of the server

sonic.ocslab.com ??

Same contact details (Sergey Sergeev) were used to register the domain rubylan.net.

felixcatuk
Sun Nov 07 2010, 10:12AM
Just did a Google search for ocslab.com... the cache of the first page of the results (from vms.ocslab.com/) includes:

"ProxySense Test Plan - Page in the frame test
vms.ocslab.com/ - Cached"
felixcatuk
Sun Nov 07 2010, 10:30AM
OK a bit more digging reveals a nasty connection.

If I do a search on Google for ocslab.com... I find the first result is a cached page from vms.ocslab.com/ entitled "ProxySense Test Plan - Page in the frame test". The page is still there, and presents a framed view of a requested web page (see screen capture here if you don't want to visit).

OCS Lab are associated with distribution of the Apropos rootkit. See this article on Trend Micro.

So, once again... and perhaps more emphatically than ever before... Phorm, Proxy Sense, the OIX, Russian hackers, and the Apropos rootkit are linked.
felixcatuk
Sun Nov 07 2010, 10:48AM
Another link: Karen Arutyunov.

Formerly an employee of OCS Labs... used to be "Senior Vice President of Software Development at Phorm".