The Nirsoft iceberg


  1. Posts : 1,211
    Windows 10
       #1

    The Nirsoft iceberg


    Due to another topic about reg cleaners, I went to one website for a utility that I have used for quite some time and decided to do some investigative work. I generally try to validate software before I run it using social engineering techniques, which I don't think is the right term here, but we will go with that.
    I then go through the course of preemptively checking the application using several methods before even running it. I then watch what the app is doing using several methods to make sure it's not doing anything weird.

    I know I would have checked this app prior to using it, but this was years ago, and once I deem something OK to use I never have to scrutinize it again unless it shows me reason to do so.

    I know, long-winded, but that's the build-up. Has anyone known? Or is it known? Or what do you know about Nirsoft? Is there an iceberg here?

    Registry Cleaner Software Downloads at RegSofts.com

    ^ The domain for the app I am talking about. But the domain is also connected to many others; exactly how many I have no idea, because it's designed in a way where you are like finding Easter eggs on a hunt. One thing that gave it away was when I analyzed an alternate mirror: I trimmed the link down to just the base domain and then found that the mirror is another site hosting more software. But one thing I noticed is that the mirror is using the same sort of styling in its theme, like the download icons were the exact same.


    Whois regsofts.com
    Whois eusing.com
    Whois cleanersoft.com
    Whois itusoft.com

    I am sure there are potentially a lot more domains than this tbh, but you have to go through each site and find them.

    Whois nirsoft.net

    If you compare the information to Nirsoft, they are held by the same registrar service and also the same registrant, which could be coincidence but also could be a real sign.
    Yes, this info can be faked, but it's not wise to do so because you can be revoked. ICANN is the authority on domains and it strives to keep them informatively correct. I think also the fact that these domains are 20 years old, some of them, and others are over 10 - 15 years old. I think this means loosely that they are not scam domains; it also places them around the same age as Nirsoft.

    You can also see that there is redacted information for privacy reasons, which is fine to do but is usually a paid feature through a domain service. So a hacker or scam site is probably not going that far.

    I have seen some of these domains in the past but never put 2 and 2 together.

    IDK, seems like an iceberg to me, and each domain has software that is not on any of the others. I pulled a couple of apps off some of these just now just to VT them to further paint a picture and they came up clean.

    If anyone knows anything else or works out info then please share that. The blurb on Nirsoft's website could also be a parable so it could be some truth but also an alias.

    Also notice how the term "soft" is a common term in some of the domains.
    Last edited by Malneb; 2 Weeks Ago at 06:31.


  2. Posts : 1,211
    Windows 10
    Thread Starter
       #2

    Do note if you try to Google those domains you will get fake hits for sites that may get detected by AV measures. Use the website Registry Cleaner Software Downloads at RegSofts.com to locate the other domains because it's pointing to the correct domains.


  3. Posts : 23,311
    Win 10 Home ♦♦♦19045.4355 (x64) [22H2]
       #3

    Malneb said:
    Do note if you try to Google those domains you will get fake hits for sites that may get detected by AV measures. Use the website Registry Cleaner Software Downloads at RegSofts.com to locate the other domains because it's pointing to the correct domains.



    When you use the term "Iceberg", are you using it to mean... a "hidden danger"?


  4. Posts : 114
    Windows 10 21H2 19044.2728
       #4

    The only thing I know about nirsoft is that it is owned by one man named "Nir Sofer" and every app there was created by him only.
    Been using his stuff for years


  5. Posts : 1,211
    Windows 10
    Thread Starter
       #5

    One thing to notice is that the apps are themed from all eras of Windows, so like 3.1 to 98/2000, XP/Vista etc. Whoever is doing this is making apps to a time period; there are many repeat apps and overall it's a saturation attempt.

    These are the sort of methods used by hacking or phishing attempts, but from my analysis of the files I have looked at so far they seem like legit applications.

    It could be just all coincidence and that this iceberg is unrelated to Nirsoft, but the thing is the registrar info is the same as Nirsoft's, which is the cohesive part to this question that we cannot prove or disprove?

    It could be in this case there are many domains for SEO reasons, and if all this other software is tied to Nirsoft then it's dump software or just prototype software; they keep making repeat software because that is how you get good at something.

    Although Soft is a popular throwback term, many of these apps are on CNET or Softpedia, which are places I have not been in years for safety reasons, but it shows a minute form of validity.

    Hosting sites like CNET etc. are questionable these days because they are a double-edged sword, one part money machine, and good practice is going to the official author's homepage to get software. In theory places like Softpedia are supposed to be safe because they are mirror sites. Over the years they fell off though, because they mix unsafe means to acquire files and we don't know how safe or how valid the software is that they host internally. The mirrors are safer, but there is also software in these places that will be questionable these days.


    I think in this other case, from what I can tell so far, the apps seem safe. I am in no rush to use them but there is potentially some good software there.


  6. Posts : 1,211
    Windows 10
    Thread Starter
       #6

    Ghot said:
    When you use the term "Iceberg", are you using it to mean... a "hidden danger"?
    No, iceberg as in there is more under the surface: deep web iceberg : Free Download, Borrow, and Streaming : Internet Archive

    There are icebergs for anything and everything that has potential hidden knowledge or hidden, hard-to-connect information.

    Like there is an iceberg here; it's whether or not it's connected to Nirsoft.


  7. Posts : 1,211
    Windows 10
    Thread Starter
       #7

    fishingfool said:
    The only thing I know about nirsoft is that it is owned by one man named "Nir Sofer" and every app there was created by him only.
    Been using his stuff for years
    Yeah, but that's an alias; even his page-long origin story is. Like it's truth mixed with an alias. These other software don't really look like the basic Windows-themed ones he has on his site. But that whois info really is the thing that makes all this theory crafting possible.

    The same registrar and registrant info, the same phone number and basically all the same info. The apps in these alternate places are very lightweight and portable, which is something he talks about on his Nirsoft site.

    IDK, they could be just a similar person or group of people that are trying to make it look like this is the case, but some of these domains are going back to the same time as his Nirsoft domain.


  8. Posts : 1,780
    Windows 10 Pro (+ Windows 10 Home VMs for testing)
       #8

    I've been using Nir Sofer's software for many, many years without issue.

    To be honest this thread is, IMHO, totally incoherent and just casts aspersions about a legitimate and much respected software author without any proof or evidence whatsoever.

    I cannot even make sense about what the accusation is.

    IMHO it's an absolute nonsense post and I've reported it for the ridiculous rant that it is.

    EDIT: IMHO this entire thread needs to be removed. (Or maybe we should all give up using Windows because of a potential Microsoft 'iceberg'... it also has 'soft' in its name. Maybe this would appease the OP?)
    Last edited by RickC; 2 Weeks Ago at 08:39.


  9. Posts : 1,211
    Windows 10
    Thread Starter
       #9

    Why so cynical? Can you disprove the thread? It is a legitimate question with information that leads to a possible legitimate connection. A coincidence at worst.

    I have not paid for hosting for years so I forget the process in its entirety, but your creds are on record when you go through a domain service. I know the actual registrar information will be correct because they are a legitimate body.

    The customer could falsify the registrant part of the creds because they are the ones to fill out that part when signing up with the registrar.

    There is sound logic here, dude. I am not trying to say anything other than it's a potential, and I am not sure why you are so offended tbh.


  10. Posts : 1,211
    Windows 10
    Thread Starter
       #10

    Check the whois lookup for these domains; they basically all point to the same registrar, Namecheap, which is a domain authoring body, and that part cannot be faked. Then look at all the other info for the whois lookup.

    It's the same customer (registrant), which can be falsified but in most cases is not. You also have no reason to falsify creds when redacting personal info on your registrar because that would be pointless. The main reason ppl would want to even falsify this to begin with is because it's public information. You don't want your real name and address and other sht on public display.

    We are also talking about domains that go back 20 years; some of these domains go back to the same time as Nirsoft's domain, and I only listed a few; there are quite a lot more than I listed.


    Because there is so much saturation on the domains with the exact same creds, it also means that they would not have gone 20 years like this with so many domains with fake creds in the registrar.
      My Computer
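
One way to weigh the whois comparison discussed in this thread, as an added example that is not part of any post: it parses constructed WHOIS text and labels every value shared between domains by how much it says about common ownership. The domains, registrar names, contact values and the `PROXY_RE` wording list are all assumptions made up for the illustration.

```python
import re
from collections import defaultdict

# Constructed WHOIS text; none of these are lookups of domains named in the thread.
SAMPLE_WHOIS = {
    "alpha-soft.example": """Registrar: Example Registrar, Inc.
Registrant Name: Redacted for Privacy
Registrant Phone: +1.5550100""",
    "beta-tools.example": """Registrar: Example Registrar, Inc.
Registrant Name: Redacted for Privacy
Registrant Phone: +1.5550100""",
    "gamma-utils.example": """Registrar: Example Registrar, Inc.
Registrant Email: jdoe@mail.example""",
    "delta-apps.example": """Registrar: Other Registrar LLC
Registrant Email: jdoe@mail.example""",
}
# Assumed heuristic: wording that privacy/proxy services put in registrant fields.
PROXY_RE = re.compile(r"redacted|privacy|proxy|withheld", re.I)

def parse(text):
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            rec[key.strip()] = value.strip().lower()  # case-insensitive compare
    return rec

def is_proxied(rec):
    return any(PROXY_RE.search(v) for k, v in rec.items() if k.startswith("Registrant"))

def shared_fields(records):
    """Map (field, value) seen on 2+ domains to (domains, evidence strength)."""
    parsed = {d: parse(t) for d, t in records.items()}
    seen = defaultdict(list)
    for domain, rec in parsed.items():
        for field, value in rec.items():
            seen[(field, value)].append(domain)
    out = {}
    for (field, value), domains in seen.items():
        if len(domains) < 2:
            continue
        if field == "Registrar":
            strength = "registrar-level"      # true of every customer of that registrar
        elif any(is_proxied(parsed[d]) for d in domains):
            strength = "privacy-proxy"        # proxy's contact data, shared by its customers
        else:
            strength = "registrant-specific"  # the only kind that suggests common ownership
        out[(field, value)] = (sorted(domains), strength)
    return out
```

In the constructed data only the email shared by `gamma-utils.example` and `delta-apps.example` comes out as `registrant-specific`; the matching phone number on the two proxied records is the privacy service's own contact data.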


 
