echo: alt-comp-anti-virus
to: ALL
from: SPD
date: 2015-05-17 16:27:00
subject: Re: New Phishing domain `

I got - (enom hosts spammers)
Window-Alert-K.com - Window Alert K Whois Report
This full website whois and analysis report on Window-Alert-K.com was ran on 
May, 18, 2015.

Registrar
ENOM, INC.

Whois Server
whois.enom.com

Referral URL
http://www.enom.com

Status
clientTransferProhibited
http://www.icann.org/epp#clientTransferProhibited

Contact Email


Creation Date
05/15/2015

Updated Date
05/15/2015

Expiration Date
05/15/2016

Registrant
WHOISGUARD PROTECTED
WHOISGUARD, INC.
P.O. BOX 0823-03411
PANAMA, PANAMA 00000
PANAMA
Telephone: 5078365503
Fax: 5117057182
Email:

Administrative Contact
WHOISGUARD PROTECTED
WHOISGUARD, INC.
P.O. BOX 0823-03411
PANAMA, PANAMA 00000
PANAMA
Telephone: 5078365503
Fax: 5117057182
Email:

Technical Contact
WHOISGUARD PROTECTED
WHOISGUARD, INC.
P.O. BOX 0823-03411
PANAMA, PANAMA 00000
PANAMA
Telephone: 5078365503
Fax: 5117057182
Email:

Nameservers
DNS1.REGISTRAR-SERVERS.COM
DNS2.REGISTRAR-SERVERS.COM
DNS3.REGISTRAR-SERVERS.COM
DNS4.REGISTRAR-SERVERS.COM
DNS5.REGISTRAR-SERVERS.COM

2. And this, from a reverse ip
Window-Alert-K IP:
23.15.9.43
Window-Alert-K server location:
Cambridge in United States
Window-Alert-K ISP:
Akamai Technologies

3. with a reverse ip whois
23.15.9.43 Whois Report
This is the full research report for 23.15.9.43, which is an IP address.

Whois Server
whois.arin.net

Status
ALLOCATED

Contact Email


Registrant
Akamai Technologies, Inc.
8 Cambridge Center
Cambridge, MA 02142
UNITED STATES

Administrative Contact
Hannigan, Martin
Telephone: 16174442535
Email:

Technical Contact
Zipkin, Justin Schecter, Steven Jay Hannigan, Martin
Telephone: 16174449713 16172747134 16174442535
Email:

So, back to akamai.  Call the contact listed above and ask him.




"Virus G_u_y"  wrote in message 
news:555752E7.861526E3@G-u-y.net...
>A co-worker opened IE on a win-7 machine a few days ago and typed what
> she thought was "google.ca" into the browser location bar.  It's highly
> likely that she mistyped one of the characters or added an additional
> character.  When she hit enter, the browser displayed this site:
>
>   alert.window-alert-k.com/index-BB.html?isp=X
>
> NOTE:  The above URL (minus the ?isp= part) contains an irritating
> script that will make it impossible to dismiss the webpage or close the
> browser, unless, perhaps, your browser has scripts disabled by default.
>
> A screen capture that I'm looking at now gives a partial readout for
> what "X" is - and it's the name of our ISP.
>
> Using wget to download a copy of the html file and submitting it to VT
> gives NO hits.
>
> A google search for "alert.window-alert-k.com" (using quotes) gives no
> hits at all.  Apparently nobody has ever mentioned that domain in any
> web-document, blog, forum, etc.
>
> And can someone explain the whois info for this domain?
>
> ===============
> 207.86.215.16 is from United States (US) in region North America
> 207.86.215.58 is from United States (US) in region North America
> Input: alert.window-alert-k.com
> canonical name: a19.dscg10.akamai.net
> aliases:
> alert.window-alert-k.com
> e486604de5138bebb11e-7f2f4917eda52660ed02fa0bcc2904c5.r17.cf3.rackcdn.com
> a17.rackcdn.com
> a17.rackcdn.com.mdc.edgesuite.net
>
> Registered Domain: akamai.net
>
> Domain Name: AKAMAI.NET
> Registrar: TUCOWS DOMAINS INC.
> =================
>
> Why does a whois query for alert.window-alert-k.com turn into a whois
> query for akamai.net ?
>
> nslookup for alert.window-alert-k.com returns:
>
> FQDN a19.dscg10.akamai.net
> 207.34.231.16
> 207.34.231.18
>
> NetRange:       207.34.192.0 - 207.34.255.255
> CIDR:           207.34.192.0/18
> NetName:        TELUS-207-34-192-0
> OrgName:        TELUS Communications Inc.
> City:           Burnaby
> StateProv:      BC
> 


 * Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

SOURCE: echomail via QWK@docsplace.org
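
Added example, not part of either poster's message: the lookup output quoted above lists a19.dscg10.akamai.net as the canonical name and then reports that name's registered domain, which is why the whois result describes akamai.net. The sketch below walks a CNAME chain and separates the domain whose registration record identifies the site from the CDN domains that only describe hosting. The record set is constructed from the names in the post (the hop order is assumed), and registered_domain() is a naive last-two-labels helper that assumes .com/.net style names.

```python
# Constructed CNAME records built from the aliases listed in the post.
# The order of the hops is an assumption; the names themselves are from the page.
RACK = "e486604de5138bebb11e-7f2f4917eda52660ed02fa0bcc2904c5.r17.cf3.rackcdn.com"
CNAMES = {
    "alert.window-alert-k.com": RACK,
    RACK: "a17.rackcdn.com",
    "a17.rackcdn.com": "a17.rackcdn.com.mdc.edgesuite.net",
    "a17.rackcdn.com.mdc.edgesuite.net": "a19.dscg10.akamai.net",
}


def registered_domain(name):
    """Naive registrable domain: the last two labels.

    Good enough for the .com/.net names here; a real tool needs the
    Public Suffix List to handle suffixes such as .co.uk.
    """
    return ".".join(name.rstrip(".").lower().split(".")[-2:])


def walk_chain(name, cnames, max_hops=16):
    """Follow CNAME records from name to the canonical name, refusing loops."""
    chain = [name.rstrip(".").lower()]
    seen = set(chain)
    while chain[-1] in cnames:
        nxt = cnames[chain[-1]].rstrip(".").lower()
        if nxt in seen or len(chain) > max_hops:
            raise ValueError("CNAME loop or chain too long")
        chain.append(nxt)
        seen.add(nxt)
    return chain


def whois_targets(name, cnames):
    """Split a lookup into the site's own domain and the hosting domains."""
    chain = walk_chain(name, cnames)
    owner = registered_domain(chain[0])
    hosting = []
    for hop in chain[1:]:
        dom = registered_domain(hop)
        if dom != owner and dom not in hosting:
            hosting.append(dom)
    return {
        "queried": chain[0],
        "canonical": chain[-1],
        "site_owner_domain": owner,   # whois this for registrar and dates
        "hosting_domains": hosting,   # whois on these describes the CDN only
    }
```
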
