[isalist] FW: your customer is hosting or referring to malware

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>,<isapros@xxxxxxxxxxxxx>
  • Date: Sat, 11 Nov 2006 07:02:14 -0800

FYI; if you find www.jimharrison.org, please DO NOT GO THERE.
It's not my site, I don't own or run it and you will be blessed with a
nifty piece of malware if you go there.
As you can see, I've notified the relevant ISPs, but don't hold your
breath for a takedown any time soon.

-----Original Message-----
Sent: Friday, November 10, 2006 4:55 PM
To: dsipes@xxxxxxxxxxxxx; abuse@xxxxxxxxxxxxxx
Subject: your customer is hosting or referring to malware
Importance: High

Domain lookup:
D:\ >nslookup -type=any -recurse www.jimharrison.org  4.2.2.2
Server:  vnsc-bak.sys.gtei.net
Address:  4.2.2.2
 
Non-authoritative answer:
www.jimharrison.org     internet address = 66.235.219.116
 
Domain whois:
http://www.dnsstuff.com/tools/whois.ch?ip=jimharrison.org&server=whois.publicinterestregistry.net&email=on
 
 
IP whois:
http://www.dnsstuff.com/tools/whois.ch?ip=66.235.219.116&server=whois.arin.net&email=on
 
..directs to:
81.95.146.98/index.html?id=index12 (DO NOT GO TO THIS SITE!)
 
IP whois:
http://www.dnsstuff.com/tools/whois.ch?ip=81.95.146.98&server=whois.ripe.net&email=on

The content delivered from the site at 81.95.146.98 is a piece of
malware.
The person hosting the www.jimharrison.org website knows this, as the
reference to this website is poorly obscured via ASCII encoding in an
iframe object.
 
Please take all necessary actions to remove these sites.
 
Thank you,
 
Jim Harrison

 

All mail to and from this domain is GFI-scanned.
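
Added example (not part of the original message): a small scanner that decodes iframe src values and reports the ones whose external target was hidden behind character encoding, as the report above describes. It assumes "ASCII encoding" means HTML numeric character references or percent escapes; the function names, the threshold and the sample page (which uses a documentation-range address) are constructed for illustration.

```python
import html
import re
from urllib.parse import unquote, urlparse

IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
SRC = re.compile(r"""\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""", re.I)
# Numeric character references (&#104; / &#x68;) or percent escapes (%68)
ENCODED = re.compile(r"&#x?[0-9a-fA-F]+;?|%[0-9a-fA-F]{2}")
MIN_ENCODED = 4  # assumed threshold: a stray &#38; or %20 is normal markup

def decode_src(raw):
    """Undo character references and percent escapes until the value is stable."""
    prev, cur = None, raw
    while cur != prev:
        prev, cur = cur, unquote(html.unescape(cur))
    return cur.strip()

def find_obscured_iframes(page, own_host):
    """Return iframes whose heavily encoded src decodes to a host other than own_host."""
    findings = []
    for tag in IFRAME.finditer(page):
        m = SRC.search(tag.group(0))
        if not m:
            continue
        raw = next(g for g in m.groups() if g is not None)
        decoded = decode_src(raw)
        host = urlparse(decoded).hostname  # None for relative URLs
        encoded = len(ENCODED.findall(raw))
        if encoded >= MIN_ENCODED and host and host != own_host:
            findings.append({"raw": raw, "decoded": decoded,
                             "host": host, "encoded_chars": encoded})
    return findings

# Constructed sample page: one ordinary local iframe, one hidden external one.
SAMPLE = (
    '<html><body><p>Welcome</p>'
    '<iframe src="/local/menu.html"></iframe>'
    '<iframe src="&#104;&#116;&#116;&#112;&#58;&#47;&#47;&#49;&#57;&#50;'
    '&#46;&#48;&#46;&#50;&#46;&#49;&#48;&#47;index.html" width="0" height="0">'
    '</iframe></body></html>'
)

if __name__ == "__main__":
    for f in find_obscured_iframes(SAMPLE, "www.example.org"):
        print(f"{f['encoded_chars']} encoded chars -> {f['decoded']}")
```
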
