Follow the bouncing WHOIS - Part III
Jul 17th, 2008 by Micheal
In the previous two installments, I’ve shown questionable search engine techniques to raise one’s standing, and ties from supposedly legitimate companies to very questionable companies, employing SPAM text, JavaScript encoding, and other eyebrow-raising techniques.
Now for the scary part. Not the previous two installments weren’t scary.
After looking for a connection with bluehost and someone else, I stumbled upon something else. Some more connections and assets.
http://www.bluehost.com/
Look at the toll-free number. Let’s do a search on Google for that number.
http://www.150m.com/web-hosting-packages.html
Ooooh. Looks familiar?
As a quick aside, I also found this site on Google: http://www.who.is/domain_information-com/pagewizard.com/
Now back on track. http://www.who.is/whois-com/ip-address/150m.com/ supports the 150m. But we knew that already. However, here’s the new stuff. Let’s search for freewebspace inc.
We get freewebspace.com. Let’s whois them.
http://www.who.is/whois-com/ip-address/freewebspace.com/
Okay. Northsky. I’ve seen that before. But before we go there, let’s check a site hosted on freewebspace. http://reddogmg.freewebspace.com/
Let’s check the HTML source. untd.com. WHOIS? http://www.who.is/domain_information-com/untd.com/
Wait, aren’t these the guys that run Netzero? Why yes, yes they are.
Let’s go back to freewebspace.com now.
http://www.freewebspace.com/signup/
Wait, 741.com? Haven’t I already proven the relationship between them and bluehost? http://www.who.is/whois-com/ip-address/741.com/ Hmmmm. 0catch.com and what’s this netgears? WHOIS to the rescue!
http://www.who.is/whois-com/ip-address/netgears.com/
Let’s check out the site. http://www.netgears.com/ Hmmmm. 9k.com? I saw that elsewhere in my searches, but let’s have a look.
http://www.who.is/whois-com/ip-address/9k.com/
northsky.com. Let’s lookup northsky.com. http://www.who.is/whois-com/ip-address/northsky.com/
freeservers.com? I’ve seen that before …
http://www.who.is/whois-com/ip-address/freeservers.com/ UOL Web Services? That sounds familiar … http://www.who.is/domain_information-com/freeservers.com/
Google for UOL Web Services. http://www.communityarchitect.com/fs_img/search/about_us.htm Hey, what’s that at the bottom? UNTD.com? Classmates.com? Juno? Netzero? Let’s check out the about link. http://www.unitedonline.net/
Oooooh. But we aren’t done yet.
Back to netgears.com. What’s this free website hosting? http://www.freewebsitehosting.com/ Whois!
http://www.who.is/whois-com/ip-address/freewebsitehosting.com/ 0catch.com. Something’s weird here. See the signup dropdown? 9k.com.
Let’s review. Now we have the relationship between the questionable Bluehost and UNTD.com/Juno/Netzero/Classmates.com/etc.