WhoIs ztomy ~ Malware Distributor

scamFRAUDalert sees it appropriate to issue this ALERT: the operator of the domain is a bot master whose business practices include spamming, malware distribution, URL hijacking, etc.

The following A records are set to 208.91.196.4:

Name Servers: NS1642.ZTOMY.COM
Name Servers: NS2642.ZTOMY.COM

Address lookup

canonical name: ztomy.com
aliases
addresses: 208.91.196.4

Domain Whois record

Queried whois.internic.net with “dom ztomy.com”…

Domain Name: ZTOMY.COM
Registry Domain ID: 1339021575_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.PublicDomainRegistry.com
Registrar URL: http://www.publicdomainregistry.com
Updated Date: 2016-10-28T14:14:47Z
Creation Date: 2007-11-22T13:14:45Z
Registry Expiry Date: 2017-11-22T13:14:45Z
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Registrar IANA ID: 303
Registrar Abuse Contact Email: abuse-contact@publicdomainregistry.com
Registrar Abuse Contact Phone: +1.2013775952
Domain Status: clientTransferProhibited
Name Server: NS1-106.AKAM.NET
Name Server: NS1-109.AKAM.NET
Name Server: USC4.AKAM.NET
Name Server: USC5.AKAM.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint

>>> Last update of whois database: 2017-08-11T23:10:08Z <<<
>>> Last update of WHOIS database: 2017-08-11T23:10:23Z <<<

Network Whois record

Queried whois.arin.net with “n 208.91.196.4”…

NetRange: 208.91.196.0 - 208.91.197.255
CIDR: 208.91.196.0/23
NetName: CONFLUENCE-NETWORK-INC
NetHandle: NET-208-91-196-0-1
Parent: NET208 (NET-208-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS40034
Organization: Confluence Networks Inc (CN)
RegDate: 2011-04-15
Updated: 2015-11-23
Ref: https://whois.arin.net/rest/net/NET-208-91-196-0-1

OrgName: Confluence Networks Inc
OrgId: CN
Address: 3rd Floor, J & C Building, P.O. Box 362
City: Road Town
StateProv: Tortola
PostalCode: VG1110
Country: VG
RegDate: 2011-04-07
Updated: 2017-03-29
Ref: https://whois.arin.net/rest/org/CN

OrgAbuseHandle: ABUSE3065-ARIN
OrgAbuseName: Abuse Admin
OrgAbusePhone: +1-415-449-4704
OrgAbuseEmail: abuse@confluence-networks.com
OrgAbuseRef: https://whois.arin.net/rest/poc/ABUSE3065-ARIN

OrgTechHandle: TECHA29-ARIN
OrgTechName: Tech Admin
OrgTechPhone: +1-415-358-0891
OrgTechEmail: noc@confluence-networks.com
OrgTechRef: https://whois.arin.net/rest/poc/TECHA29-ARIN

OrgNOCHandle: NOCAD51-ARIN
OrgNOCName: NOC Admin
OrgNOCPhone: +1-415-358-0891
OrgNOCEmail: noc@confluence-networks.com
OrgNOCRef: https://whois.arin.net/rest/poc/NOCAD51-ARIN

DNS records

DNS query for 4.196.91.208.in-addr.arpa returned an error from the server: ServerFailure

name       class  type  data                            time to live
ztomy.com  IN     TXT   v=spf1 -all                     86400s (1.00:00:00)
ztomy.com  IN     NS    ns1-106.akam.net                86400s (1.00:00:00)
ztomy.com  IN     NS    ns1-109.akam.net                86400s (1.00:00:00)
ztomy.com  IN     NS    usc4.akam.net                   86400s (1.00:00:00)
ztomy.com  IN     SOA   server: usc4.akam.net           86400s (1.00:00:00)
                        email: abuse@opticaljungle.com
                        serial: 2015082928
                        refresh: 43200
                        retry: 3600
                        expire: 1209600
                        minimum ttl: 180
ztomy.com  IN     A     208.91.196.4                    300s (00:05:00)
