If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
ateinc.net ???
I have received an email from this address twice now:
ateinc.net/.smx/rec.htm wanting to verify my identity. Naurally I turned it off. Anyone recognize it? Thanks JW |
Ads |
#3
|
|||
|
|||
ateinc.net ???
On Sun, 31 Dec 2017 05:00:38 -0500, wrote:
I have received an email from this address twice now: ateinc.net/.smx/rec.htm wanting to verify my identity. Naurally I turned it off. Anyone recognize it? Thanks JW You turned it off? Did you actually subscribed to any of their services? I hope you didn't turn it off by clicking an "unsubscribe" link on the email. |
#4
|
|||
|
|||
ateinc.net ???
|
#5
|
|||
|
|||
ateinc.net ???
Paul in Houston TX wrote:
wrote: I have received an email from this address twice now: ateinc.net/.smx/rec.htm wanting to verify my identity. Naurally I turned it off. Anyone recognize it? They are in Virgina, USA, probably CIA, NSA, FBI, etc. Wrong. Perhaps you intended to be facetious but forgot a smiley. https://www.whois.com/whois/ateinc.net Indonesian registrant I was surprised the registrant doesn't hide behind a private domain registration; however, despite IANA requiring a registrar to verify validity of registrant information, registrants do lie. According to the WhoIs information, that domain's registration expired back on Their IPv6 addresses are to Cloudflare, a large CDN (Content Delivery Network) often used for ad content but also other content. Their IPv4 addresses don't have a reverse DNS lookup. When I do an IPWhois on their IPv4 addresses, they are in Cloudflare's IP pool. When I look at their web site's code, there are lots of links to paths that look like customer names. So it looks like it is a low-end or 3rd tier webhosting provider where each web "site" is a path under their domain (instead of provide direct domain redirection to the webhosted site although it's possible to have both routes to a webhosted site). Some of the sub-sites a http://ateinc.net/wohnzimmer-orange-grau/ (Wohnzimmer Orange Grau) http://ateinc.net/bad-braun/ (Bad Braun) http://ateinc.net/spitzboden-ausbauen-ideen/ (Spitzboden Ausbauen Ideen) http://ateinc.net/farben-wand-ideen-braun/ (Farben Wand Ideen Braun) http://ateinc.net/schone-badezimmer-fotos/ (Schöne Badezimmer Fotos) and so on There was no navpath listed in their home page with "smx" as a substring so it is a direct path (not linked on their home page). When I attempt to go to ateinc.com/.smx/rec.html (to get headers, not to render the page), I get the "404 Not Found" error page. So they dropped that rec.html under that navpath. Could be it got reported as a phish site. Could be they're done phishing ... for now. Have no idea what the OP meant by "turned it off". You don't turn off URLs. Those are just strings. Also, since an exhibit of the spam or phish e-mail was not presented here for analysis, it is unknown if the URL string the OP mentioned is from the href attribute of an A tag (to where the hyperlink actually points) or from the comment section of the A tag which can be anything. What a client displays as the URL for a hyperlink is quite often the comment, not the actual URL. Also, the Received headers would show from where the spam or phish e-mail originated, not what the sender claimed in the From header. Without an exhibit of the e-mail (with the recipient's headers obfuscated to his their e-mail address), not possible to where the hyperlink actually pointed or from where the e-mail originated. The OP wants us to analyze an e-mail never presented. Zim zim ala bim, the spirits are about to speak. Damn, my crystal ball needs a new battery. Those take months to deliver, especially for my model that takes 1.21 gigawatts (https://www.youtube.com/watch?v=I5cYgRnfFDA). |
#6
|
|||
|
|||
ateinc.net ???
VanguardLH wrote:
... According to the WhoIs information, that domain's registration expired back on ... Forget that part. That domain doesn't expire until sometime in 2018. Forgot to remove before submit. |
#7
|
|||
|
|||
ateinc.net ???
VanguardLH wrote:
Paul in Houston TX wrote: wrote: I have received an email from this address twice now: ateinc.net/.smx/rec.htm wanting to verify my identity. Naurally I turned it off. Anyone recognize it? They are in Virgina, USA, probably CIA, NSA, FBI, etc. Wrong. Perhaps you intended to be facetious but forgot a smiley. You are correct. I should not have attempted humor. No telling how it may be interpreted. |
Thread Tools | |
Display Modes | Rate This Thread |
|
|