Thursday, January 12, 2017

DISTRACTIFY.COM Serving Up Malware

Legitimate sites serving up malware is nothing new. Some of the ad networks the big sites use don't scrutinize ads the way they should, because money: they make lots and lots of money from ads, and sometimes those ads are malicious, like the ones I was getting from IMDb for a while.

What I've been seeing a lot of lately is the "Urgent Chrome Update" where an ad on a site redirects the browser to something that looks very important for the user to click on.

This one came from a distractify.com article linked on George Takei's Facebook page. After sitting open in my browser for about 10 minutes, it redirected me to this page.



Here's the malicious URL (I wouldn't advise visiting it):

https://aipuafile4go.org/427841460136/7ae1a8e795621a5673bdbfc8a9a18c30/7030bce668397746f35ba9a9f098ee4e.html


The domain was probably created today, like most of the malicious domains my browser has tried to redirect me to:

>>> Last update of WHOIS database: 2017-01-12T09:20:32Z <<<

I'm surprised the owner of the domain didn't pay to anonymize the registration like most people do. Here is the WHOIS lookup:

Domain Name: AIPUAFILE4GO.ORG
Domain ID: D402200000001269594-LROR
WHOIS Server:
Referral URL: http://www.PublicDomainRegistry.com
Updated Date: 2017-01-10T23:00:14Z
Creation Date: 2017-01-10T23:00:09Z
Registry Expiry Date: 2018-01-10T23:00:09Z
Sponsoring Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Sponsoring Registrar IANA ID: 303
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Registrant ID: DI_62599609
Registrant Name: Glenn A. Molina
Registrant Organization: N/A
Registrant Street: 4370 Southern Street
Registrant City: Lynbrook
Registrant State/Province: New York
Registrant Postal Code: 11563
Registrant Country: US
Registrant Phone: +1.5165994142
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: glenn.molina@tuta.io
Admin ID: DI_62599609
Admin Name: Glenn A. Molina
Admin Organization: N/A
Admin Street: 4370 Southern Street
Admin City: Lynbrook
Admin State/Province: New York
Admin Postal Code: 11563
Admin Country: US
Admin Phone: +1.5165994142
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: glenn.molina@tuta.io
Tech ID: DI_62599609
Tech Name: Glenn A. Molina
Tech Organization: N/A
Tech Street: 4370 Southern Street
Tech City: Lynbrook
Tech State/Province: New York
Tech Postal Code: 11563
Tech Country: US
Tech Phone: +1.5165994142
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: glenn.molina@tuta.io
Name Server: NS1.SUSPEND-DOMAIN.COM
Name Server: NS2.SUSPEND-DOMAIN.COM
DNSSEC: unsigned
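The record above carries the signals I keep seeing on these redirect domains: a creation date a day or two before the redirect, the registry's addPeriod status, a one-year registration, and name servers on a suspension host. As an added example (not code from the original post), here is a small Python check that parses WHOIS output of this shape and flags those signals. The record excerpt embedded in it is copied from the lookup above with the registrant, admin and tech contact lines left out; the observation date 2017-01-12 is the post date, and the seven-day age threshold is an assumed tuning value.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Excerpt of the WHOIS record shown in the post above. Registrant, admin and
# tech contact lines are omitted because the checks below do not need them.
WHOIS_EXCERPT = """\
Domain Name: AIPUAFILE4GO.ORG
Updated Date: 2017-01-10T23:00:14Z
Creation Date: 2017-01-10T23:00:09Z
Registry Expiry Date: 2018-01-10T23:00:09Z
Sponsoring Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Name Server: NS1.SUSPEND-DOMAIN.COM
Name Server: NS2.SUSPEND-DOMAIN.COM
DNSSEC: unsigned
"""

# Date the redirect was observed (the post's date). A live tool would use
# datetime.now(timezone.utc) instead of a fixed value.
OBSERVED = datetime(2017, 1, 12, tzinfo=timezone.utc)


def parse_whois(text):
    """Parse 'Key: value' lines into a dict of lists; keys such as
    'Domain Status' and 'Name Server' legitimately repeat."""
    fields = defaultdict(list)
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        value = value.strip()
        if value:  # skip empty fields like 'Registrant Fax:'
            fields[key.strip()].append(value)
    return fields


def parse_date(value):
    """WHOIS timestamps in this record are ISO 8601 with a trailing Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def assess(text, observed=OBSERVED, max_age_days=7):
    """Return (age_in_days, reasons). An empty reasons list means nothing
    about the registration looked suspicious under these heuristics."""
    f = parse_whois(text)
    reasons = []

    created = parse_date(f["Creation Date"][0])
    age_days = (observed - created).days
    if age_days < 0:
        reasons.append("creation date is later than the observation date")
    elif age_days <= max_age_days:
        reasons.append(f"domain created {age_days} day(s) before observation")

    # The EPP status token is the first word; the URL after it is documentation.
    statuses = {s.split()[0] for s in f.get("Domain Status", [])}
    if "addPeriod" in statuses:
        reasons.append("registry addPeriod status: still inside the add grace period")

    name_servers = [n.lower() for n in f.get("Name Server", [])]
    if any("suspend" in n for n in name_servers):
        reasons.append("name servers point at a suspension host: " + ", ".join(name_servers))

    # Weak signal on its own: a registration for only the minimum one-year term.
    expiry = parse_date(f["Registry Expiry Date"][0])
    if (expiry - created).days <= 366:
        reasons.append("registered for the minimum one-year term")

    return age_days, reasons


if __name__ == "__main__":
    age, reasons = assess(WHOIS_EXCERPT)
    print(f"{parse_whois(WHOIS_EXCERPT)['Domain Name'][0]}: {age} day(s) old")
    for reason in reasons:
        print(" -", reason)
```

None of these signals is conclusive by itself (plenty of legitimate domains are a day old), but together they make a cheap triage filter for a proxy or DNS log: a redirect target that trips several of them is worth blocking first and investigating afterwards.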

1 comment:

  1. That person named Glenn Molina listed at Southern Street in Lynbrook, NY DOES NOT EXIST. I know that area. There is no Southern Street in Lynbrook. If you google the registration company, you will find that PDR is based out of India. Domain name has been registered using false information.
