TOKYO (MacHouse) – A week ago, we had incredible information that the fake anti-virus scan website at antivirus-scanonline.com was hosted by a Dutch web hosting company called LEASEWEB. It’s been a while since we attempted to contact the web hosting company. We finally heard from a person named Mr. Jeffrey Kriegsman representing LEASEWEB several hours ago. That’s great. Nonetheless, Mr. Kriegsman consistently says that the fake anti-virus scan website in question is not inaccessible because the domain itself is inactive. (See Screenshot 02-3.) Oh… Is that really the case?
 Screenshot 01 – Source: MacHouse |
 Screenshot 02 – Source: MacHouse |
 Screenshot 03 – Source: antivirus-scanonline.com |
Perhaps, what Mr. Kriegsman should have done is simply to access antivirus-scanonline.com with the http protocol at first. When I accessed the domain in question an hour ago, the fake anti-virus scan website was still active. (See Screenshot 03.) We also checked its domain registration. And, according to Completewhois.Com, the domain of antivirus-scanonline was active at about 06:00 PM (GMT/London) or 07: 00 PM (GMT/Amsterdam) on June 9, 2008. (See Screenshot 04.) Furthermore, using VisualRoute 2008, we have confirmed that the IP location of the website hosted at the domain of antivirus-scanonline.com is 85.17.93.42. (See Screenshot 05.) RIPE says that this IP address belongs to LeaseWeb. (See Screenshot 06.)
 Screenshot 04 – Source: Completewhois.Com |
 Screenshot 05 – Source: MacHouse |
 Screenshot 06 – Source: MacHouse |
Our conclusions are
- The domain of antivirus-scanonline.com is still active.
- LeaseWeb provides either a hosting service or DNS-routing service to the organization behind the domain of antivirus-scanonline.com.
No WhoIs search engine is reliable. It’s always a good idea to use two different tools to see if the domain in question is active.
The following video was recorded at about 05:28 PM (GMT/London) or 06:28 PM (GMT/Amsterdam) on June 9, 2008.
Click on the button to watch a documentation video. 
Click on the button to watch more documentation videos.
References:
Antivirus 2008 (ANTIVIRUS-SCANONLINE) Wrap-Up June-01
Briefly: A U.K. College Website Exploited for Antivirus 2008 (ANTIVIRUS-SCANONLINE.COM)
Saudi Arabian Government Website Falling a Victim to Antivirus 2008 (ANTIVIRUS-SCANONLINE.COM) Exploitation
Briefly: 3 New Websites Falling Victims to the Exploitation of Antivirus 2008 (ANTIVIRUS-SCANONLINE.COM)
Antivirus 2008 (ANTIVIRUS-SCANONLINE.COM) Finding New Home in the Netherlands?
New York-Based Web Hosting Company Ezzi.net Failing to Pull the Plug Off Fake Anti-Virus Scan Websites
Hopefully, Saying Good-Bye to the Fake Anti-Virus Scan Websites of ANTIVIRUS-SCANNER.COM and ANTIVIRUS-SCANONLINE.COM for Now…
Victims of ANTIVIRUS 2008 (Malware) & Troj/FakeVir-BF Growing Exponentially
Failure to Remove Ill Files Converts Beacon University Websites Into Redirection Points for ANTIVIRUS-SCANONLINE.COM
ANTIVIRUS-SCANONLINE.COM: Response to a Comment at FORUMS.SLICKDEALS.NET
The Name of A Next Anti-Virus Scan Domain Will Be…
File Determined to Contain Troj/FakeVir-BF
What Do We Know About These Fake Anti-Virus Scan Websites?
Lehigh University’s Multiple Department Websites Exploited for Redirection to ANTIVIRUS-SCANONLINE.COM
ANTIVIRUS-SCANONLINE.COM: 15 Websites Victimized in the Latest ‘?prj’ Exploitation Scheme
Warning: A New Fake Anti-Virus Scan Website Discovered
