Saturday 10 August 2013

Risky connection resolves to Microsoft/Ottawa?

This gets murkier the deeper I dig into it.

According to various domain tools, the original IP address was used to host "mail.ttscvn.com". Details for that site have now been removed, but it shared the server with these sites -

entrar.animalog.com.br

login.live.com

login.live.com.nsatc.net

mail.ftplasia.com

mail.ttscvn.com

studentemail.enmu.edu

studentmail.ed-coll.ac.uk

Does that look like a Microsoft server to you? No, me neither. Except it probably is. Here's the source of that info -

http://webcache.googleusercontent.com/search?q=cache:kp5NvvFw31wJ:host.robtex.com/mail.ttscvn.com.html+131.253.61.64+blacklist&cd=3&hl=en&ct=clnk&gl=uk

http://ip.robtex.com/131.253.61.64.html

Things may have changed slightly. The latest information from http://www.ip-adress.com/reverse_ip/131.253.61.64 shows these domains on the server -

[Image: 131.253.61.64 Reverse IP Lookup Results]

Those do look like Microsoft domains, and the ones I checked have a valid Microsoft digital certificate and a secure https: connection.

The internet organisational graph shows mail.ttscvn.com resolves to AS8075, which is Microsoft (http://as.robtex.com/as8075.html)

It begins to look as if the IP address, the server and the domains all belong to or are connected with Microsoft ...

... and then everything goes murky again, and the doubt re-appears. One of the host names sharing this suspect IP address is "login.live.com.nsatc.net". For this, see the following -

http://pop.dnstree.com/com/live/login/

http://dnstree.com/com/hotmailbcn/

All well and good, except that http://www.ip-adress.com/whois/hotmailbcn.com shows this is another login page hosted on a server (131.253.61.82) in Ottawa; and if you try to go to "hotmailbcn.com" in Google Chrome you will encounter this page -

[Image: Another Microsoft phishing site]

At which point I gave up. The servers are, or are not, Microsoft servers. They do, or do not, host phishing sites. They should, or should not, be blocked. It's all as clear as mud.

Message was edited by: Hayton on 16/06/13 23:44:36 IST
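The two checks the post leans on, "who else is listed on this IP" and "does the site present a valid certificate", measure different things, and it helps to separate them. A reverse-IP listing shows every domain whose owner has pointed an A record at the address; anyone who controls a domain can add such a record, so a name appearing in the list says nothing about who runs the server. The PTR record (reverse DNS) can only be set by whoever holds the in-addr.arpa delegation for the address, and a certificate's name list is fixed by the issuing CA, so forward-confirmed reverse DNS and a subjectAltName match carry more weight. The script below is an added illustration of those checks, not code from the original post; the DNS record sets, the PTR value and every field of the sample certificate (including its issuer) are constructed for the example, and only `live_check` does real network lookups.

```python
"""Separating a reverse-IP listing from forward-confirmed reverse DNS and
TLS certificate name matching. Added illustration; all data is constructed."""
import socket
import ssl
from typing import Dict, List

# Constructed records. The IP and host names are the ones named in the post;
# the record contents, especially the PTR value, are assumptions for this example.
FORWARD_RECORDS: Dict[str, List[str]] = {
    "login.live.com": ["131.253.61.64"],
    "login.live.com.nsatc.net": ["131.253.61.64"],
    "mail.ttscvn.com": ["131.253.61.64"],  # any domain owner can add a record like this
}
PTR_RECORDS: Dict[str, List[str]] = {
    "131.253.61.64": ["login.live.com.nsatc.net"],  # assumed PTR, not a real lookup
}

# Constructed certificate in ssl.SSLSocket.getpeercert() dict layout;
# every value, including the issuer, is made up for the example.
SAMPLE_CERT = {
    "subject": ((("commonName", "login.live.com"),),),
    "issuer": (
        (("countryName", "US"),),
        (("organizationName", "Example CA Inc"),),
        (("commonName", "Example CA"),),
    ),
    "subjectAltName": (("DNS", "login.live.com"), ("DNS", "*.live.com")),
}


def reverse_ip_listing(ip: str, forward: Dict[str, List[str]]) -> List[str]:
    """What a reverse-IP tool shows: every name whose A record resolves to ip."""
    return sorted(name for name, ips in forward.items() if ip in ips)


def fcrdns_names(ip: str, ptr: Dict[str, List[str]],
                 forward: Dict[str, List[str]]) -> List[str]:
    """PTR names for ip that also resolve back to ip (forward-confirmed).

    Only the holder of the reverse delegation can set the PTR, so a confirmed
    name is evidence about the address in a way a shared-hosting list is not.
    """
    return [name for name in ptr.get(ip, []) if ip in forward.get(name, [])]


def _san_matches(pattern: str, host: str) -> bool:
    """RFC 6125 style matching: a leading '*.' matches exactly one DNS label."""
    if pattern.startswith("*."):
        labels = host.split(".")
        return len(labels) >= 3 and ".".join(labels[1:]) == pattern[2:]
    return pattern == host


def cert_covers_host(cert: dict, host: str) -> bool:
    """True if a subjectAltName DNS entry covers host (the CN is ignored,
    as current browsers do)."""
    host = host.lower().rstrip(".")
    sans = [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(_san_matches(p, host) for p in sans)


def issuer_org(cert: dict) -> str:
    """organizationName from the issuer RDN sequence, or '' if absent."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return ""


def live_check(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Network version of the same checks; needs connectivity, not exercised here."""
    infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    ips = sorted({info[4][0] for info in infos})
    ctx = ssl.create_default_context()  # verifies the chain and the host name
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    ptr: Dict[str, List[str]] = {}
    for ip in ips:
        try:
            ptr[ip] = [socket.gethostbyaddr(ip)[0]]
        except socket.herror:
            ptr[ip] = []
    return {"ips": ips, "ptr": ptr, "issuer_org": issuer_org(cert),
            "san_covers_host": cert_covers_host(cert, host)}


if __name__ == "__main__":
    ip = "131.253.61.64"
    print("listed on", ip, ":", reverse_ip_listing(ip, FORWARD_RECORDS))
    print("forward-confirmed:", fcrdns_names(ip, PTR_RECORDS, FORWARD_RECORDS))
    print("cert covers login.live.com:", cert_covers_host(SAMPLE_CERT, "login.live.com"))
    print("cert covers mail.ttscvn.com:", cert_covers_host(SAMPLE_CERT, "mail.ttscvn.com"))
```

With the constructed data, all three names appear in the reverse-IP listing, but only the PTR name is forward-confirmed, and the sample certificate covers "login.live.com" and one-label wildcards under "live.com" while rejecting the other domain. Running `live_check` against a real host gives the same four facts for that host: its addresses, their PTR names, the certificate issuer, and whether the certificate's SAN list actually names the host being visited, which is the question behind "a valid certificate and a secure https: connection".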

