nxplorer
Posted: 03 Jun 2015 12:27
by admin
Hi, I'm still here but fully involved in making the new website.
By coincidence found something VERY strange today. Somebody has copied my complete website and uploaded it to another domain:
www.nxplorer.us (DO NOT DOWNLOAD ANYTHING FROM THERE -- IT'S MALWARE!!!)
What's that?

Re: nxplorer
Posted: 03 Jun 2015 12:38
by Exolon
Hi Don,
did you talk to PayPal to stop billing in the name of nxplorer?
Maybe he is simply trying to make some money based on XYplorer's success.
Regards
Mike
Re: nxplorer
Posted: 03 Jun 2015 12:44
by Filehero
http://network-tools.com/default.asp?pr ... xplorer.us
119.81.19.207 is from Singapore (SG) in region Southern and Eastern Asia
Input: nxplorer.us
canonical name: nxplorer.us
Registered Domain: nxplorer.us
Whois query for nxplorer.us...
Results returned from whois.nic.us:
Domain Name: NXPLORER.US
Domain ID: D49653768-US
Sponsoring Registrar: ENOM, INC.
Sponsoring Registrar IANA ID: 48
Registrar URL (registration services): whois.enom.com
Domain Status: clientTransferProhibited
Variant: NXPLORER.US
Registrant ID: 7D0C6D20D3D99F73
Registrant Name: Dimitri Gorolev
Registrant Address1: 17 Furshtatskaya St.
Registrant City: St. Petersburg
Registrant State/Province: NA
Registrant Postal Code: 191028
Registrant Country: Russian Federation
Registrant Country Code: RU
Registrant Phone Number: +7.8123312649
Registrant Email: dimitri.gorolev@safe-mail.net
Registrant Application Purpose: P1
Registrant Nexus Category: C11
Administrative Contact ID: 7D0C6D20D3D99F73
Administrative Contact Name: Dimitri Gorolev
Administrative Contact Address1: 17 Furshtatskaya St.
Administrative Contact City: St. Petersburg
Administrative Contact State/Province: NA
Administrative Contact Postal Code: 191028
Administrative Contact Country: Russian Federation
Administrative Contact Country Code: RU
Administrative Contact Phone Number: +7.8123312649
Administrative Contact Email: dimitri.gorolev@safe-mail.net
Administrative Application Purpose: P1
Administrative Nexus Category: C11
Billing Contact ID: 7D0C6D20D3D99F73
Billing Contact Name: Dimitri Gorolev
Billing Contact Address1: 17 Furshtatskaya St.
Billing Contact City: St. Petersburg
Billing Contact State/Province: NA
Billing Contact Postal Code: 191028
Billing Contact Country: Russian Federation
Billing Contact Country Code: RU
Billing Contact Phone Number: +7.8123312649
Billing Contact Email: dimitri.gorolev@safe-mail.net
Billing Application Purpose: P1
Billing Nexus Category: C11
Technical Contact ID: 7D0C6D20D3D99F73
Technical Contact Name: Dimitri Gorolev
Technical Contact Address1: 17 Furshtatskaya St.
Technical Contact City: St. Petersburg
Technical Contact State/Province: NA
Technical Contact Postal Code: 191028
Technical Contact Country: Russian Federation
Technical Contact Country Code: RU
Technical Contact Phone Number: +7.8123312649
Technical Contact Email: dimitri.gorolev@safe-mail.net
Technical Application Purpose: P1
Technical Nexus Category: C11
Name Server: NS9.HAWKHOST.COM
Name Server: NS10.HAWKHOST.COM
Created by Registrar: ENOM, INC.
Last Updated by Registrar: ENOM, INC.
Domain Registration Date: Mon May 11 04:55:20 GMT 2015
Domain Expiration Date: Tue May 10 23:59:59 GMT 2016
Domain Last Updated Date: Mon May 11 04:57:51 GMT 2015
DNSSEC: false
Weird and strange.

Re: nxplorer
Posted: 03 Jun 2015 12:50
by admin
All buy links point to me. Even if someone would (so stupid to) buy from this site the money would go to me. Weird.
Maybe it's evil work in progress... I'll watch it...

Re: nxplorer
Posted: 03 Jun 2015 13:32
by bdeshi
The installer that site supplies behaves exactly like a virus.
[ed. VirusTotal analysis] Notably, one of the processes it starts also spoofs QDir's icon!
Somebody's trying to capitalize on XYplorer's popularity to spread malware.
You should definitely go stop that before people think these two sites are the same, based on the visual similarity alone. In any case, it's not good at all for XY.
Re: nxplorer
Posted: 03 Jun 2015 13:38
by admin
Wow. Thanks for guinea-pigging!
But stop that? How?
Re: nxplorer
Posted: 03 Jun 2015 13:47
by bdeshi
Why, report to the webhost! According to Filehero's report, the site appears to be hosted by hawkhost.com:
Name Server: NS9.HAWKHOST.COM
Name Server: NS10.HAWKHOST.COM
Meanwhile, I submitted some scam reports, like Google Safe Browsing.
Re: nxplorer
Posted: 03 Jun 2015 14:02
by admin
OK, done. I'll keep you posted...
Re: nxplorer
Posted: 03 Jun 2015 14:18
by TheQwerty
Admittedly I'm not too knowledgeable about this stuff but...
The domain appears to be registered through Enom ( http://www.enom.com/help/abusepolicy.aspx ).
Hawkhost appears to be used only as a name server resolving the domain to an IP of 119.81.19.207.
http://network-tools.com/default.asp?pr ... .81.19.207
Shows that IP as registered to softlayer.com, which is a more likely host.
So I would suggest e-mailing abuse@softlayer.com as well. (Maybe abuse@sip2callxpert.com too?)
http://www.softlayer.com/legal lists some other address if it's truly hosted by SoftLayer.
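The split described in the post above (registrar, name-server operator and hosting network are separate parties to report to) can be read partly off the WHOIS record itself. The following is an added example, not part of the original thread: it parses a constructed excerpt in the layout of the whois.nic.us output quoted earlier, and the function names, the `seen_on` date and the edit-distance scoring are assumptions for illustration. The hosting network still needs a separate lookup on the IP address.

```python
from datetime import datetime

# Constructed excerpt: fields copied from the whois.nic.us output quoted in
# the thread, trimmed to the lines this triage needs.
SAMPLE_WHOIS = """\
Domain Name: NXPLORER.US
Sponsoring Registrar: ENOM, INC.
Name Server: NS9.HAWKHOST.COM
Name Server: NS10.HAWKHOST.COM
Domain Registration Date: Mon May 11 04:55:20 GMT 2015
"""

def parse_whois(text):
    """Collect 'Key: Value' lines; repeated keys (Name Server) accumulate."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip(), []).append(value.strip())
    return record

def registered_domain(host):
    """Naive last-two-labels reduction; fine for names like NS9.HAWKHOST.COM."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance: how many edits separate a lookalike from the brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(text, brand, seen_on):
    """Summarise who to report to and how suspicious the registration looks."""
    rec = parse_whois(text)
    created = datetime.strptime(rec["Domain Registration Date"][0],
                                "%a %b %d %H:%M:%S GMT %Y")
    label = rec["Domain Name"][0].lower().split(".")[0]
    return {
        "registrar": rec["Sponsoring Registrar"][0],          # abuse contact 1
        "dns_providers": sorted({registered_domain(ns) for ns in rec["Name Server"]}),
        "age_days": (seen_on - created).days,                 # young domain = red flag
        "distance_to_brand": edit_distance(label, brand.lower()),
    }

if __name__ == "__main__":
    # seen_on is the date of the first post in the thread (time zone assumed).
    print(triage(SAMPLE_WHOIS, "xyplorer", datetime(2015, 6, 3, 12, 27)))
```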
Re: nxplorer
Posted: 03 Jun 2015 14:30
by admin
Thanks, done!

Re: nxplorer
Posted: 03 Jun 2015 15:02
by bdeshi
I'd noticed that SoftLayer "connection" too, but looking at their site made me think they only provide the bare servers--the hardware, and no website hosting. Hawkhost probably leased some servers from them on a reseller contract, and it's not illogical to assume that a httracked-website will not go all the way to SoftLayer and buy a private server for hosting!

Re: nxplorer
Posted: 04 Jun 2015 16:15
by aurumdigitus
This is a profoundly unfortunate situation to have arisen.
Cannot help but think of Shakespeare's Henry IV. Part II:
Deny it to a king? Then happy low, lie down!
Uneasy lies the head that wears a crown.
Re: nxplorer
Posted: 05 Jun 2015 10:01
by Exolon
NOD32 is now blocking the site.
Re: nxplorer
Posted: 05 Jun 2015 14:57
by admin
Re: nxplorer
Posted: 08 Jun 2015 16:32
by Regmos
Now Bitdefender also got it.
