Odd domain name WWW.SGBAV.OCXTTCX.COM?
Peter Flynn
peter at silmaril.ie
Tue Feb 6 00:22:27 UTC 2024
On 05/02/2024 23:34, Owen Thomas wrote:
> This URL appeared in an email and my guard was down; I clicked on it,
> but cancelled the link soon afterward. I suppose it couldn't hurt
> here to ask if anyone might use their technical nous to find out what
> this link does?

WHOIS says ocxttcx.com is an anonymous domain registered on behalf of
someone by namecheap.com who deal in low-cost throwaway domains.

NSlookup says there's no answer
Ping says it's unknown
Traceroute says the same

For the full hostname,

NSlookup resolves it to 38.132.114.189
Ping says it's up and running
Traceroute currently shows my packets (from here in Ireland) going
across the pond on Aorta, round the houses on Level3, and ending up in
Romania.

us-nyc01b-rd2-ae-9-0.aorta.net
us-was03a-ri1-ae-10-0.aorta.net
ae1.3511.edge2.NewYork6.level3.net
M247-EUROPE.edge2.NewYork6.Level3.net
vlan1924.as24.nyc1.us.m247.ro
38.132.114.189

M247.ro are (as far as I can see) a perfectly reputable British-owned
cloud hosting outfit in Bucharest.

The 30.0.0.0/8 netblock is owned by PSINet in Washington, DC and they
have a non-anonymous entry with a real phone number and email address
for abuse in WHOIS. The netblock 38.132.114.0/24 is allocated to M247 in
Secaucus, NJ, so I suspect any queries should be directed to them.

It seems to respond to http (with a null return) but not https at all.
telnet is closed but ssh is open, so my RSA fingerprint is in their logs.
I'll watch my security and see if they try to probe me.
Peter
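
Added example, not part of the original message: a Python version of the comparison described above (parent domain versus full hostname, then the address checked against a known netblock), done without opening the link. The function names, the two-label parent-domain rule and the offline lookup table are assumptions for illustration; the hostname, address and netblock are the ones quoted in the message.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed offline data, copied from the lookups reported in the message.
SAMPLE_ANSWERS = {"www.sgbav.ocxttcx.com": ["38.132.114.189"]}
NETBLOCKS = {"38.132.114.0/24": "M247"}

def offline_resolver(name):
    """Answer from SAMPLE_ANSWERS so the example runs without a network."""
    return SAMPLE_ANSWERS.get(name, [])

def system_resolver(name):
    """Return the IPv4 addresses for name, or [] when it does not resolve."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def triage(url_or_host, netblocks, resolver=system_resolver):
    """Look up a link's hostname and parent domain; the URL is never fetched."""
    text = url_or_host if "//" in url_or_host else "//" + url_or_host
    host = (urlsplit(text).hostname or "").rstrip(".")
    # Assumption: the registered domain is the last two labels. That holds for
    # .com but not for suffixes like .co.uk, which need the Public Suffix List.
    parent = ".".join(host.split(".")[-2:])
    host_ips, parent_ips = resolver(host), resolver(parent)
    holders = {}
    for ip in host_ips:
        addr = ipaddress.ip_address(ip)
        holders[ip] = [who for cidr, who in netblocks.items()
                       if addr in ipaddress.ip_network(cidr)]
    return {
        "host": host,
        "parent": parent,
        "host_ips": host_ips,
        "parent_ips": parent_ips,
        # Pattern from the message: only the long hostname has an address.
        "only_subdomain_resolves": bool(host_ips) and not parent_ips,
        # Allocation holder per address: where an abuse report would go.
        "holders": holders,
    }

if __name__ == "__main__":
    print(triage("WWW.SGBAV.OCXTTCX.COM", NETBLOCKS, resolver=offline_resolver))
```

Calling `triage()` without the `resolver` argument uses the system resolver, which sends DNS queries for the hostname but makes no HTTP request.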