A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows 7 » Windows 7 Forum
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

ateinc.net ???



 
 
Thread Tools Rate Thread Display Modes
  #1  
Old December 31st 17, 11:00 AM posted to alt.windows7.general
No_Name
external usenet poster
 
Posts: 222
Default ateinc.net ???

I have received an email from this address twice now:

ateinc.net/.smx/rec.htm

wanting to verify my identity. Naurally I turned it off.

Anyone recognize it?

Thanks
JW
  #5  
Old January 1st 18, 12:17 AM posted to alt.windows7.general
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default ateinc.net ???

Paul in Houston TX wrote:

wrote:

I have received an email from this address twice now:

ateinc.net/.smx/rec.htm

wanting to verify my identity. Naurally I turned it off.
Anyone recognize it?


They are in Virgina, USA, probably CIA, NSA, FBI, etc.


Wrong. Perhaps you intended to be facetious but forgot a smiley.

https://www.whois.com/whois/ateinc.net
Indonesian registrant
I was surprised the registrant doesn't hide behind a private domain
registration; however, despite IANA requiring a registrar to verify
validity of registrant information, registrants do lie. According to
the WhoIs information, that domain's registration expired back on

Their IPv6 addresses are to Cloudflare, a large CDN (Content Delivery
Network) often used for ad content but also other content. Their IPv4
addresses don't have a reverse DNS lookup. When I do an IPWhois on
their IPv4 addresses, they are in Cloudflare's IP pool.

When I look at their web site's code, there are lots of links to paths
that look like customer names. So it looks like it is a low-end or 3rd
tier webhosting provider where each web "site" is a path under their
domain (instead of provide direct domain redirection to the webhosted
site although it's possible to have both routes to a webhosted site).
Some of the sub-sites a

http://ateinc.net/wohnzimmer-orange-grau/ (Wohnzimmer Orange Grau)
http://ateinc.net/bad-braun/ (Bad Braun)
http://ateinc.net/spitzboden-ausbauen-ideen/ (Spitzboden Ausbauen Ideen)
http://ateinc.net/farben-wand-ideen-braun/ (Farben Wand Ideen Braun)
http://ateinc.net/schone-badezimmer-fotos/ (Schöne Badezimmer Fotos)
and so on

There was no navpath listed in their home page with "smx" as a substring
so it is a direct path (not linked on their home page). When I attempt
to go to ateinc.com/.smx/rec.html (to get headers, not to render the
page), I get the "404 Not Found" error page. So they dropped that
rec.html under that navpath. Could be it got reported as a phish site.
Could be they're done phishing ... for now.

Have no idea what the OP meant by "turned it off". You don't turn off
URLs. Those are just strings. Also, since an exhibit of the spam or
phish e-mail was not presented here for analysis, it is unknown if the
URL string the OP mentioned is from the href attribute of an A tag (to
where the hyperlink actually points) or from the comment section of the
A tag which can be anything. What a client displays as the URL for a
hyperlink is quite often the comment, not the actual URL. Also, the
Received headers would show from where the spam or phish e-mail
originated, not what the sender claimed in the From header. Without an
exhibit of the e-mail (with the recipient's headers obfuscated to his
their e-mail address), not possible to where the hyperlink actually
pointed or from where the e-mail originated.

The OP wants us to analyze an e-mail never presented. Zim zim ala bim,
the spirits are about to speak. Damn, my crystal ball needs a new
battery. Those take months to deliver, especially for my model that
takes 1.21 gigawatts (https://www.youtube.com/watch?v=I5cYgRnfFDA).
  #6  
Old January 1st 18, 12:18 AM posted to alt.windows7.general
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default ateinc.net ???

VanguardLH wrote:

... According to the WhoIs information, that domain's registration
expired back on ...


Forget that part. That domain doesn't expire until sometime in 2018.
Forgot to remove before submit.
 




Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off






All times are GMT +1. The time now is 04:51 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.