WhoIs sitefile.org ~ 47.90.205.103

scamFRAUDalert sees it appropriate to issue this ALERT, as the website sitefile.org seems to have compromised Alibaba.com LLC and is launching attacks on computers.


Address lookup

canonical name :sitefile.org
aliases
addresses : 50.56.81.119

Domain Whois record

Queried whois.publicinterestregistry.net with “sitefile.org”…

Domain Name: SITEFILE.ORG
Registry Domain ID: D158542657-LROR
Registrar WHOIS Server: whois.discount-domain.com

Registrar URL: http://www.onamae.com
Updated Date: 2017-06-20T10:05:20Z
Creation Date: 2010-03-08T12:50:03Z

Registry Expiry Date: 2019-03-08T12:50:03Z
Registrar Registration Expiration Date:
Registrar: GMO Internet, Inc. d/b/a Onamae.com
Registrar IANA ID: 49
Registrar Abuse Contact Email: abuse@gmo.jp
Registrar Abuse Contact Phone: +81.337709199
Reseller:
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited

Registry Registrant ID: C194307981-LROR
Registrant Name: Whois Privacy Protection Service by onamae.com
Registrant Organization: Whois Privacy Protection Service by onamae.com
Registrant Street: 26-1 Sakuragaoka-cho
Registrant Street: Cerulean Tower 11F
Registrant City: Shibuya-ku
Registrant State/Province: Tokyo
Registrant Postal Code: 150-8512
Registrant Country: JP
Registrant Phone: +81.354562560
Registrant Email: proxy@whoisprotectservice.com

Registry Admin ID: C194307982-LROR
Admin Name: Whois Privacy Protection Service by onamae.com
Admin Organization: Whois Privacy Protection Service by onamae.com
Admin Street: 26-1 Sakuragaoka-cho
Admin Street: Cerulean Tower 11F
Admin City: Shibuya-ku
Admin State/Province: Tokyo
Admin Postal Code: 150-8512
Admin Country: JP
Admin Phone: +81.354562560
Admin Email: proxy@whoisprotectservice.com

Registry Tech ID: C194307983-LROR
Tech Name: Whois Privacy Protection Service by onamae.com
Tech Organization: Whois Privacy Protection Service by onamae.com
Tech Street: 26-1 Sakuragaoka-cho
Tech Street: Cerulean Tower 11F
Tech City: Shibuya-ku
Tech State/Province: Tokyo
Tech Postal Code: 150-8512
Tech Country: JP
Tech Phone: +81.354562560
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: proxy@whoisprotectservice.com
Name Server: NS1.WIXIDNS.COM
Name Server: NS2.WIXIDNS.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2017-08-01T20:02:37Z <<<
>>> Last update of WHOIS database: 2017-06-27T00:00:00Z <<<

Network Whois record

Queried whois.arin.net with “n ! NET-50-56-64-0-1”…

NetRange: 50.56.64.0 – 50.56.127.255
CIDR: 50.56.64.0/18
NetName: RACKS-8-1350332937708144
NetHandle: NET-50-56-64-0-1
Parent: RACKS-8-NET-4 (NET-50-56-0-0-1)
NetType: Reassigned
OriginAS:
Customer: Rackspace Cloud Servers (C03181926)
RegDate: 2012-10-16
Updated: 2012-10-16
Ref: https://whois.arin.net/rest/net/NET-50-56-64-0-1

CustName: Rackspace Cloud Servers
Address: 5000 Walzem Rd.
City: San Antonio
StateProv: TX
PostalCode: 78218
Country: US
RegDate: 2012-10-15
Updated: 2012-10-15
Ref: https://whois.arin.net/rest/customer/C03181926

OrgNOCHandle: HANSE157-ARIN
OrgNOCName: Hansell, Chris
OrgNOCPhone: +1-210-312-4000
OrgNOCEmail: hostmaster@rackspace.com
OrgNOCRef: https://whois.arin.net/rest/poc/HANSE157-ARIN

OrgTechHandle: HANSE157-ARIN
OrgTechName: Hansell, Chris
OrgTechPhone: +1-210-312-4000
OrgTechEmail: hostmaster@rackspace.com
OrgTechRef: https://whois.arin.net/rest/poc/HANSE157-ARIN

OrgTechHandle: IPADM17-ARIN
OrgTechName: IPADMIN
OrgTechPhone: +1-210-312-4000
OrgTechEmail: hostmaster@rackspace.com
OrgTechRef: https://whois.arin.net/rest/poc/IPADM17-ARIN

OrgAbuseHandle: ABUSE45-ARIN
OrgAbuseName: Abuse Desk
OrgAbusePhone: +1-210-312-4000
OrgAbuseEmail: abuse@rackspace.com
OrgAbuseRef: https://whois.arin.net/rest/poc/ABUSE45-ARIN

DNS records

name class type data time to live
sitefile.org IN A 50.56.81.119 3600s (01:00:00)
sitefile.org IN MX preference: 5; exchange: mail.b-io.co 3600s (01:00:00)
sitefile.org IN TXT bio=2b0da2f8f06649707153ec1f91697cf0156377c6 3600s (01:00:00)
119.81.56.50.in-addr.arpa IN PTR 50-56-81-119.static.cloud-ips.com 86400s (1.00:00:00)
81.56.50.in-addr.arpa IN SOA server: ns.rackspace.com; email: hostmaster@rackspace.com; serial: 1500986243; refresh: 3600; retry: 300; expire: 1814400; minimum ttl: 300 300s (00:05:00)
81.56.50.in-addr.arpa IN NS ns2.rackspace.com 300s (00:05:00)
81.56.50.in-addr.arpa IN NS ns.rackspace.com

WhoIs Sidexsidenut.com ~ nowplaymore.com

scamFRAUDalert sees it appropriate to issue this ALERT, as the website is purporting to sell high-end sport shoes when in reality it is a fraudulent site. This is nothing new, as these sites are a dime a dozen. A query of the server identified the sites below.


303 main st, evansville, in 47708
lauren jones footwear
lauren jones footwear reviews
swift athletics


The following A records are set to 162.218.178.171:


Address lookup
canonical name :sidexsidenut.com

aliases
addresses : 162.218.178.171

Domain Whois record

Queried whois.internic.net with “dom Sidexsidenut.com”…

Domain Name: SIDEXSIDENUT.COM
Registry Domain ID: 1700327496_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2017-07-15T01:46:45Z
Creation Date: 2012-02-03T23:11:54Z
Registry Expiry Date: 2018-02-03T23:11:54Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: 480-624-2505

Name Server: PDNS11.DOMAINCONTROL.COM
Name Server: PDNS12.DOMAINCONTROL.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
Last update of whois database: 2017-08-01T19:01:33Z

Queried whois.godaddy.com with “Sidexsidenut.com”…

Domain Name: sidexsidenut.com
Registry Domain ID: 1700327496_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Update Date: 2017-03-16T23:14:10Z
Creation Date: 2012-02-03T23:11:54Z
Registrar Registration Expiration Date: 2018-02-03T23:11:54Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505

Registry Registrant ID: Not Available From Registry
Registrant Name: Lorn landmar
Registrant Organization:
Registrant Street: 31 Stockwhip place Mount Crosby
Registrant Street: Brisbane
Registrant City: QLD
Registrant State/Province: Australian Capital Territory
Registrant Postal Code: 4306
Registrant Country: AU
Registrant Phone: +43.420473258
Registrant Email: Lorn.landmar.36209@gmail.com

Registry Admin ID: Not Available From Registry
Admin Name: Lorn landmar
Admin Organization:
Admin Street: 31 Stockwhip place Mount Crosby
Admin Street: Brisbane
Admin City: QLD
Admin State/Province: Australian Capital Territory
Admin Postal Code: 4306
Admin Country: AU
Admin Phone: +43.420473258
Admin Email: Lorn.landmar.36209@gmail.com

Registry Tech ID: Not Available From Registry
Tech Name: Lorn landmar
Tech Organization:
Tech Street: 31 Stockwhip place Mount Crosby
Tech Street: Brisbane
Tech City: QLD
Tech State/Province: Australian Capital Territory
Tech Postal Code: 4306
Tech Country: AU
Tech Phone: +43.420473258
Tech Email: Lorn.landmar.36209@gmail.com

Name Server: PDNS11.DOMAINCONTROL.COM
Name Server: PDNS12.DOMAINCONTROL.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2017-08-01T19:00:00Z <<<

For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en

Network Whois record

Queried whois.ripe.net with "-B 162.218.178.171"
Information related to '162.218.176.0 – 162.218.179.255'
Abuse contact for '162.218.176.0 – 162.218.179.255' is 'info@sayfa.net'

inetnum: 162.218.176.0 – 162.218.179.255
netname: TR-SAYFANET1-20130806
country: TR
org: ORG-INBT1-RIPE
admin-c: ER3896-RIPE
tech-c: ER3896-RIPE
status: ALLOCATED PA
notify: info@sayfa.net
mnt-by: RIPE-NCC-HM-MNT
mnt-by: SAYFA-NET-MNT
mnt-lower: ER101-MNT
mnt-lower: SAYFA-NET-MNT
mnt-routes: ER101-MNT
created: 2016-04-14T15:04:51Z
last-modified: 2016-09-15T16:20:31Z
source: RIPE

organisation: ORG-INBT1-RIPE
remarks: *** TURKIYENIN EN BUYUK IP KIRALAMA SIRKETI ***
remarks: *** ip kiralayan musteri bilgisi icin lutfen info@sayfa.net e ulasiniz ***
org-name: Istanbuldc Veri Merkezi Ltd. Sti
org-type: LIR
address: Buyukdere Cad. Kirgulu Sk. No4 Metrocity D Blok K4 Levent
address: 34394
address: ISTANBUL
address: TURKEY
phone: +905327235263
fax-no: +902129200000
e-mail: info@sayfa.net
abuse-c: AR17383-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: SAYFA-NET-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: SAYFA-NET-MNT
created: 2012-09-12T13:28:12Z
last-modified: 2017-07-04T19:33:07Z
source: RIPE

person: Engin Rencber
remarks: IstanbulDC Veri Merkezi Yoneticisi
remarks: IP kullanici bilgileri icin info@sayfa.net e email gonderiniz.
remarks: Please email to info@sayfa.net for customer details.
address: Buyukdere Cd. No171 Metrocity Kat-4 Datacenter Sisli Istanbul
phone: +905327235263
e-mail: info@sayfa.net
nic-hdl: ER3896-RIPE
mnt-by: ER101-MNT
created: 2012-09-12T13:50:38Z
last-modified: 2017-07-04T19:30:10Z
source: RIPE

% Information related to '162.218.178.0/24AS59447'

route: 162.218.178.0/24
origin: AS59447
mnt-by: SAYFA-NET-MNT
created: 2016-04-14T17:32:12Z
last-modified: 2016-04-14T17:32:12Z
source: RIPE

% This query was served by the RIPE Database Query Service version 1.89.2 (HEREFORD)