Is the Fake Anti-Virus Scan Website at ANTIVIRUS-SCANONLINE.COM Still at Risk?

TOKYO (MacHouse) - A week ago, we received incredible information that the fake anti-virus scan website at antivirus-scanonline.com was hosted by a Dutch web hosting company called LEASEWEB. It’s been a while since we attempted to contact the web hosting company. We finally heard from a person named Mr. Jeffrey Kriegsman representing LEASEWEB several hours ago. That’s great. Nonetheless, Mr. Kriegsman consistently says that the fake anti-virus scan website in question is not accessible because the domain itself is inactive. (See Screenshot 02-3.) Oh… Is that really the case?
Screenshot 01 - Source: MacHouse
Screenshot 02 - Source: MacHouse
Screenshot 03 - Source: antivirus-scanonline.com
Perhaps what Mr. Kriegsman should have done first is simply to access antivirus-scanonline.com over HTTP. When I accessed the domain in question an hour ago, the fake anti-virus scan website was still active. (See Screenshot 03.) We also checked its domain registration. According to Completewhois.Com, the domain antivirus-scanonline.com was active at about 06:00 PM (GMT/London) or 07:00 PM (GMT/Amsterdam) on June 9, 2008. (See Screenshot 04.) Furthermore, using VisualRoute 2008, we have confirmed that the IP address of the website hosted at antivirus-scanonline.com is 85.17.93.42. (See Screenshot 05.) RIPE says that this IP address belongs to LeaseWeb. (See Screenshot 06.)
Screenshot 04 - Source: Completewhois.Com
Screenshot 05 - Source: MacHouse
Screenshot 06 - Source: MacHouse
Our conclusions are:
- The domain of antivirus-scanonline.com is still active.
- LeaseWeb provides either a hosting service or DNS-routing service to the organization behind the domain of antivirus-scanonline.com.
No WhoIs search engine is reliable. It’s always a good idea to use two different tools to see if the domain in question is active.
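An added example (not MacHouse's own code) of the cross-check described above: it weighs live DNS and HTTP observations against the status lines reported by two WHOIS tools and flags any disagreement. The function names, the status keywords and the sample WHOIS text are assumptions constructed for illustration.

```python
import http.client
import re
import socket
import sys

# Assumed keywords that mark a domain as not active; registries word this differently.
INACTIVE = re.compile(r"inactive|hold|expired|suspend")

def resolve(domain):
    """IPv4 addresses the name currently resolves to (empty list if none)."""
    try:
        infos = socket.getaddrinfo(domain, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def http_status(domain, timeout=10):
    """Status code of a plain-HTTP HEAD request, or None if nothing answers."""
    try:
        conn = http.client.HTTPConnection(domain, 80, timeout=timeout)
        conn.request("HEAD", "/")
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None

def whois_inactive(text):
    """True if any status line in raw WHOIS text marks the domain as not active."""
    lines = re.findall(r"^[ \t]*(?:domain[ \t]+)?status:[ \t]*(.+)$", text, re.I | re.M)
    return any(INACTIVE.search(s.lower()) for s in lines)

def assess(ips, status_code, whois_texts):
    """Weigh live DNS/HTTP evidence against what each WHOIS source reports."""
    serving = bool(ips) and status_code is not None
    claims = {src: whois_inactive(txt) for src, txt in whois_texts.items()}
    if serving and any(claims.values()):
        return "conflict"        # a WHOIS source says inactive, yet the site answers
    if len(set(claims.values())) > 1:
        return "whois-disagree"  # the WHOIS sources contradict each other
    if serving:
        return "live"
    return "resolves-only" if ips else "down"

# Constructed sample WHOIS output (not real records) from two hypothetical tools.
SAMPLE_A = "Domain Name: EXAMPLE-SCAN.TEST\nStatus: INACTIVE\n"
SAMPLE_B = "Domain Name: EXAMPLE-SCAN.TEST\nDomain Status: ACTIVE\n"

if __name__ == "__main__":
    # Usage: python check.py <domain> <whois_tool_a.txt> <whois_tool_b.txt>
    domain, *files = sys.argv[1:]
    texts = {f: open(f, encoding="utf-8", errors="replace").read() for f in files}
    ips = resolve(domain)
    print(domain, ips, assess(ips, http_status(domain), texts))
```

A "conflict" result is the situation this post describes: one source reports the domain as inactive while the site still resolves and answers over HTTP.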
The following video was recorded at about 05:28 PM (GMT/London) or 06:28 PM (GMT/Amsterdam) on June 9, 2008.
********** ********** ********** ********** ********** ********** ********** **********
MacHouse is not funded by tax payers' money. We have limited resources. We also need time to sleep and eat just as others. So we will not act as the International police to contact all victims of website abuse. All you have to do is to subscribe to spam messages and spam posts. If we can, why don't you?