Info about FAKE SITE FOR2BILL.COM


Address lookup

canonical name for2bill.com.
aliases
addresses 216.224.161.87

Domain Whois record

Queried whois.internic.net with “dom for2bill.com”…

   Domain Name: FOR2BILL.COM
   Registrar: HICHINA ZHICHENG TECHNOLOGY LTD.
   Whois Server: grs-whois.hichina.com
   Referral URL: http://www.net.cn
   Name Server: DNS17.HICHINA.COM
   Name Server: DNS18.HICHINA.COM
   Status: ok
   Updated Date: 21-nov-2013
   Creation Date: 21-nov-2013
   Expiration Date: 21-nov-2014

>>> Last update of whois database: Sun, 15 Jun 2014 20:27:18 UTC <<<

Queried grs-whois.hichina.com with “for2bill.com”…

Domain Name: for2bill.com
Registry Domain ID: 
Registrar WHOIS Server: whois.hichina.com
Registrar URL: http://www.net.cn/
Updated Date: 2013-11-21T07:33:58Z
Creation Date: 2013-11-21T07:33:58Z
Registrar Registration Expiration Date: 2014-11-21T07:33:58Z
Registrar: HICHINA ZHICHENG TECHNOLOGY LTD.
Registrar IANA ID: 420
Registrar Abuse Contact Email: abuse@list.alibaba-inc.com
Registrar Abuse Contact Phone: +86.1064242299
Reseller: 
Domain Status: 
Registry Registrant ID: whois-protect
Registrant Name: WHOIS AGENT
Registrant Organization: DOMAIN WHOIS PROTECTION SERVICE
Registrant Street: 3/F.,HiChina Mansion,No.27 Gulouwai Avenue,Dongcheng District,Beijing 100120,China
Registrant City: Beijing
Registrant State/Province: Beijing
Registrant Postal Code: 100120
Registrant Country: CN
Registrant Phone: +8610.64242266
Registrant Phone Ext: 
Registrant Fax: +8610.84138796
Registrant Fax Ext: 
Registrant Email: domainadm@hichina.com
Registry Admin ID: whois-protect
Admin Name: WHOIS AGENT
Admin Organization: DOMAIN WHOIS PROTECTION SERVICE
Admin Street: 3/F.,HiChina Mansion,No.27 Gulouwai Avenue,Dongcheng District,Beijing 100120,China
Admin City: Beijing
Admin State/Province: Beijing
Admin Postal Code: 100120
Admin Country: CN
Admin Phone: +8610.64242266
Admin Phone Ext: 
Admin Fax: +8610.84138796
Admin Fax Ext: 
Admin Email: domainadm@hichina.com
Registry Tech ID: whois-protect
Tech Name: WHOIS AGENT
Tech Organization: DOMAIN WHOIS PROTECTION SERVICE
Tech Street: 3/F.,HiChina Mansion,No.27 Gulouwai Avenue,Dongcheng District,Beijing 100120,China
Tech City: Beijing
Tech State/Province: Beijing
Tech Postal Code: 100120
Tech Country: CN
Tech Phone: +8610.64242266
Tech Phone Ext: 
Tech Fax: +8610.84138796
Tech Fax Ext: 
Tech Email: domainadm@hichina.com
Name Server: dns17.hichina.com
Name Server: dns18.hichina.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2014-06-15T20:27:34Z <<<

Registry Billing ID: whois-protect
Billing Name: WHOIS AGENT
Billing Organization: DOMAIN WHOIS PROTECTION SERVICE
Billing Street: 3/F.,HiChina Mansion,No.27 Gulouwai Avenue,Dongcheng District,Beijing 100120,China
Billing City: Beijing
Billing State/Province: Beijing
Billing Postal Code: 100120
Billing Country: CN
Billing Phone: +8610.64242266
Billing Phone Ext: 
Billing Fax: +8610.84138796
Billing Fax Ext: 
Billing Email: domainadm@hichina.com

Important Reminder: Per ICANN 2013RAA`s request, Hichina has modified domain names`whois format of dot com/net/cc/tv, you could refer to section 1.4 posted by ICANN on http://www.icann.org/en/resources/registrars/raa/approved-with-specs-27jun13-en.htm#whois

Network Whois record

Queried whois.arin.net with “n ! NET-216-224-161-0-1”…

NetRange:       216.224.161.0 - 216.224.161.255
CIDR:           216.224.161.0/24
OriginAS:       AS4355
NetName:        ELNK-CLOUD
NetHandle:      NET-216-224-161-0-1
Parent:         NET-216-224-128-0-1
NetType:        Reallocated
RegDate:        2012-12-11
Updated:        2012-12-11
Ref:            http://whois.arin.net/rest/net/NET-216-224-161-0-1

OrgName:        SoftCom America Inc.
OrgId:          SOFTC-8
Address:        1100 Pittsford Victor Rd.
City:           Pittsford
StateProv:      NY
PostalCode:     14534
Country:        US
RegDate:        2010-05-05
Updated:        2013-05-10
Ref:            http://whois.arin.net/rest/org/SOFTC-8

OrgTechHandle: RAJAN1-ARIN
OrgTechName:   Rajanayagam, Ted 
OrgTechPhone:  +1-416-957-7432 
OrgTechEmail:  tedr@softcom.com
OrgTechRef:    http://whois.arin.net/rest/poc/RAJAN1-ARIN

OrgAbuseHandle: ABUSE3309-ARIN
OrgAbuseName:   Abuse Team
OrgAbusePhone:  +1-416-957-7401 
OrgAbuseEmail:  abuse@softcom.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/ABUSE3309-ARIN

OrgNOCHandle: RAJAN1-ARIN
OrgNOCName:   Rajanayagam, Ted 
OrgNOCPhone:  +1-416-957-7432 
OrgNOCEmail:  tedr@softcom.com
OrgNOCRef:    http://whois.arin.net/rest/poc/RAJAN1-ARIN

DNS records

name class type data time to live
for2bill.com IN A 216.224.161.87 3600s (01:00:00)
for2bill.com IN SOA
server: dns17.hichina.com
email: hostmaster@hichina.com
serial: 2013120620
refresh: 10800
retry: 900
expire: 604800
minimum ttl: 3600
3600s (01:00:00)
for2bill.com IN MX
preference: 1
exchange: mx.zohomail.com
3600s (01:00:00)
for2bill.com IN NS dns17.hichina.com 3600s (01:00:00)
for2bill.com IN NS dns18.hichina.com 3600s (01:00:00)
87.161.224.216.in-addr.arpa IN PTR vps-1146411-18904.manage.myhosting.com 3600s (01:00:00)
161.224.216.in-addr.arpa IN SOA
server: ns1.caex.com
email: resellers@softcom.com
serial: 1402838054
refresh: 14400
retry: 7200
expire: 2419200
minimum ttl: 3600
3600s (01:00:00)
161.224.216.in-addr.arpa IN RRSIG
type covered: NSEC (47)
algorithm: RSA/SHA-1 (5)
labels: 5
original ttl: 10800 (03:00:00)
signature expiration: 2014-06-25 16:02:56Z
signature inception: 2014-06-15 16:02:56Z
key tag: 26063
signer’s name: 216.in-addr.arpa
signature:
(1024 bits)
10800s (03:00:00)
161.224.216.in-addr.arpa IN NSEC
next domain name: 162.224.216.in-addr.arpa
record types: NS RRSIG NSEC
10800s (03:00:00)
161.224.216.in-addr.arpa IN NS ns.caex.com 3600s (01:00:00)
161.224.216.in-addr.arpa IN NS ns2.caex.com 3600s (01:00:00)
161.224.216.in-addr.arpa IN NS ns1.caex.com 3600s (01:00:00)

Traceroute

Tracing route to for2bill.com [216.224.161.87]

hop rtt rtt rtt ip address fully qualified domain name
1 0 0 0 208.101.16.73 208.101.16.73-static.reverse.softlayer.com
2 3 21 9 66.228.118.153 ae11.dar01.sr01.dal01.networklayer.com
3 0 0 0 173.192.18.254 ae14.bbr02.eq01.dal03.networklayer.com
4 0 0 0 157.238.224.229 ae-11.r01.dllstx04.us.bb.gin.ntt.net
5 5 0 0 129.250.2.198 ae-1.r21.dllstx09.us.bb.gin.ntt.net
6 23 31 31 129.250.2.201 ae-4.r21.chcgil09.us.bb.gin.ntt.net
7 29 29 25 129.250.4.202 ae-2.r06.chcgil09.us.bb.gin.ntt.net
8 22 23 27 128.242.186.162 xe-0-3-0-7.r06.chcgil09.us.ce.gin.ntt.net
9 52 55 47 165.121.238.69 user-2injri5.dialup.mindspring.com
10 50 54 49 66.32.0.242 static-66-32-0-242.earthlinkbusiness.net
11 48 51 51 216.224.150.166
12 * * *
13 45 48 37 216.224.161.6
14 43 46 39 216.224.161.87 vps-1146411-18904.manage.myhosting.com

Trace complete

Service scan

FTP – 21 220 ProFTPD 1.3.4a Server (ProFTPD) [216.224.161.87]
SMTP – 25 220 vps-1146411-18904.manage.myhosting.com ESMTP
HTTP – 80 HTTP/1.1 200 OK
Date: Sun, 15 Jun 2014 20:27:41 GMT
Server: Apache
Last-Modified: Wed, 04 Dec 2013 17:09:40 GMT
ETag: "4182a94-9c3-4ecb87a7d1d00"
Accept-Ranges: bytes
Content-Length: 2499
X-Powered-By: PleskLin
Connection: close
Content-Type: text/html
POP3 – 110 +OK Hello there. <17535.1402864062@localhost.localdomain>
IMAP – 143 * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=PLAIN IDLE ACL ACL2=UNION STARTTLS]
* BYE Disconnected for inactivity.

— end —
