WHOIS Sitefile.org ~ 47.90.205.103

scamFRAUDalert sees it appropriate to issue this ALERT, as the website sitefile.org seems to have compromised Alibaba.com LLC and is launching attacks on computers.

Address lookup

canonical name: sitefile.org
aliases:
addresses: 50.56.81.119

Domain Whois record

Queried whois.publicinterestregistry.net with “sitefile.org”…

Domain Name: SITEFILE.ORG
Registry Domain ID: D158542657-LROR
Registrar WHOIS Server: whois.discount-domain.com

Registrar URL: http://www.onamae.com
Updated Date: 2017-06-20T10:05:20Z
Creation Date: 2010-03-08T12:50:03Z

Registry Expiry Date: 2019-03-08T12:50:03Z
Registrar Registration Expiration Date:
Registrar: GMO Internet, Inc. d/b/a Onamae.com
Registrar IANA ID: 49
Registrar Abuse Contact Email: abuse@gmo.jp
Registrar Abuse Contact Phone: +81.337709199
Reseller:
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited

Registry Registrant ID: C194307981-LROR
Registrant Name: Whois Privacy Protection Service by onamae.com
Registrant Organization: Whois Privacy Protection Service by onamae.com
Registrant Street: 26-1 Sakuragaoka-cho
Registrant Street: Cerulean Tower 11F
Registrant City: Shibuya-ku
Registrant State/Province: Tokyo
Registrant Postal Code: 150-8512
Registrant Country: JP
Registrant Phone: +81.354562560
Registrant Email: proxy@whoisprotectservice.com

Registry Admin ID: C194307982-LROR
Admin Name: Whois Privacy Protection Service by onamae.com
Admin Organization: Whois Privacy Protection Service by onamae.com
Admin Street: 26-1 Sakuragaoka-cho
Admin Street: Cerulean Tower 11F
Admin City: Shibuya-ku
Admin State/Province: Tokyo
Admin Postal Code: 150-8512
Admin Country: JP
Admin Phone: +81.354562560
Admin Email: proxy@whoisprotectservice.com

Registry Tech ID: C194307983-LROR
Tech Name: Whois Privacy Protection Service by onamae.com
Tech Organization: Whois Privacy Protection Service by onamae.com
Tech Street: 26-1 Sakuragaoka-cho
Tech Street: Cerulean Tower 11F
Tech City: Shibuya-ku
Tech State/Province: Tokyo
Tech Postal Code: 150-8512
Tech Country: JP
Tech Phone: +81.354562560
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: proxy@whoisprotectservice.com
Name Server: NS1.WIXIDNS.COM
Name Server: NS2.WIXIDNS.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2017-08-01T20:02:37Z <<<
>>> Last update of WHOIS database: 2017-06-27T00:00:00Z <<<

Network Whois record

Queried whois.arin.net with “n ! NET-50-56-64-0-1”…

NetRange: 50.56.64.0 - 50.56.127.255
CIDR: 50.56.64.0/18
NetName: RACKS-8-1350332937708144
NetHandle: NET-50-56-64-0-1
Parent: RACKS-8-NET-4 (NET-50-56-0-0-1)
NetType: Reassigned
OriginAS:
Customer: Rackspace Cloud Servers (C03181926)
RegDate: 2012-10-16
Updated: 2012-10-16
Ref: https://whois.arin.net/rest/net/NET-50-56-64-0-1

CustName: Rackspace Cloud Servers
Address: 5000 Walzem Rd.
City: San Antonio
StateProv: TX
PostalCode: 78218
Country: US
RegDate: 2012-10-15
Updated: 2012-10-15
Ref: https://whois.arin.net/rest/customer/C03181926

OrgNOCHandle: HANSE157-ARIN
OrgNOCName: Hansell, Chris
OrgNOCPhone: +1-210-312-4000
OrgNOCEmail: hostmaster@rackspace.com
OrgNOCRef: https://whois.arin.net/rest/poc/HANSE157-ARIN

OrgTechHandle: HANSE157-ARIN
OrgTechName: Hansell, Chris
OrgTechPhone: +1-210-312-4000
OrgTechEmail: hostmaster@rackspace.com
OrgTechRef: https://whois.arin.net/rest/poc/HANSE157-ARIN

OrgTechHandle: IPADM17-ARIN
OrgTechName: IPADMIN
OrgTechPhone: +1-210-312-4000
OrgTechEmail: hostmaster@rackspace.com
OrgTechRef: https://whois.arin.net/rest/poc/IPADM17-ARIN

OrgAbuseHandle: ABUSE45-ARIN
OrgAbuseName: Abuse Desk
OrgAbusePhone: +1-210-312-4000
OrgAbuseEmail: abuse@rackspace.com
OrgAbuseRef: https://whois.arin.net/rest/poc/ABUSE45-ARIN

DNS records

name class type data time to live
sitefile.org IN A 50.56.81.119 3600s (01:00:00)
sitefile.org IN MX preference: 5, exchange: mail.b-io.co 3600s (01:00:00)
sitefile.org IN TXT bio=2b0da2f8f06649707153ec1f91697cf0156377c6 3600s (01:00:00)
119.81.56.50.in-addr.arpa IN PTR 50-56-81-119.static.cloud-ips.com 86400s (1.00:00:00)
81.56.50.in-addr.arpa IN SOA server: ns.rackspace.com, email: hostmaster@rackspace.com, serial: 1500986243, refresh: 3600, retry: 300, expire: 1814400, minimum ttl: 300 300s (00:05:00)
81.56.50.in-addr.arpa IN NS ns2.rackspace.com 300s (00:05:00)
81.56.50.in-addr.arpa IN NS ns.rackspace.com