Strange Domain Redirection

So by chance I happened to notice that a domain name was redirecting to one of my own domains, and upon looking into it further, I'm not sure what to think of it.

I own fybertech.com and fybertech.net. Fybertech.info is the fishy one. It resolves to 69.25.142.3, and looking around Google provided me with this link, which shows the server seems to host a whopping 541,900 domains.

It turns out the domain isn't even being redirected, exactly. It loads a page on their server, which opens my site in a full-page frame. While it doesn't seem to be doing anything bad that I can tell, I'm thinking that theoretically one could use JavaScript to capture input typed on the page and report it back. I can't recall at the moment whether a parent frame has the ability to capture key input from a child one or not.

Anyways, I'm thinking I might just use htaccess to block anything leading to my sites with fybertech.info as a referrer. But it still leaves me wondering what the deal is with this place, and why they're redirecting to me in the first place.

EDIT: I blocked fybertech.info from referring to my site, but I discovered that another domain I manage, hazardlabs.com, has a hazardlabs.info attached to it as well (running on a different IP than the fybertech.info). None of the other domains I have ties to are like that, however.

6 Replies

Very strange. I'm getting "forbidden" trying to pull up fybertech.info, so I guess that's your block that's doing that.

The whois information for the IP shows:

eNom INAP-SEF-ENOM-1761 (NET-69-25-142-0-1)
                                  69.25.142.0 - 69.25.142.63

eNom is a domain name registrar. I think it's often used by domain-squatters, and eBay domain-traders. I have no idea why a domain you don't own would be there forwarding to one that you do.

The whois data for the domain is using a privacy protection service: http://www.whois.sc/fybertech.info

Edit: I'm not sure if they can do keylogging directly with script, but it certainly gives them the option to do things with cookies, popups, ads, web-bugs, etc. If they do google-hijacking so that their version appears higher in the search rank than the real one, they can track your traffic.

OK, I found something. It looks like it's eNom trying to tack ads onto your site.

Check this out: http://www.webhostingtalk.com/archive/thread/377890-1.html

Here's the code of the page they're "redirecting" to your site with:

<noframes>
<h2>Your browser does not support frames. We recommend upgrading your browser.</h2>
<center>Click <a href="http://fybertech.com">here</a> to enter the site.</center>
</noframes>

The line I find particularly disturbing is this one:

Yeah I did a whois on the domain to start with and found the privacy protection. No surprise there, eh? But the link you gave at least shows I'm not the first to have come across this kinda stuff. Here's also a list of other domains they seem to own: http://whois.webhosting.info/64.74.96.243

I saw the "/?a8734haka8dr781346=true" part too and decided to follow up on it; loading fybertech.info with that appended to the URL gave:

<iframe src="http://simg.zedo.com/roimedia/tag/roimedia_enom_urlfwd_720x300.html" frameborder="0" marginheight="0" marginwidth="0" scrolling="no" allowtransparency="true" width="1" height="1"></iframe>

Following that iframe url took me yet deeper.

<title>Advertisemen</title>

It seems to finally end there with that javascript file, which appears to be designed to dish out ads from what I can tell by first glance. All I know is that I don't appreciate what they're doing, and will be blocking the hazardlabs.info one as well.
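The chain described in the posts above (a wrapper page that frames the real site, plus a hidden 1x1 iframe pulling from an ad server) can be checked mechanically. The following is an added example, not code from any poster in this thread: the `audit_wrapper` function, the `MY_DOMAINS` list and the frameset layout in `SAMPLE_WRAPPER` are assumptions made for illustration; only the framed site, the query path and the iframe tag are taken from the posts.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

MY_DOMAINS = ["fybertech.com", "fybertech.net"]

# Constructed wrapper page: the frameset layout is an assumption; only the
# target site and the "/?a8734haka8dr781346=true" path come from the thread.
SAMPLE_WRAPPER = """<html><frameset rows="100%,*" border="0">
<frame src="http://fybertech.com" frameborder="0">
<frame src="/?a8734haka8dr781346=true" frameborder="0" noresize>
</frameset><noframes>Click <a href="http://fybertech.com">here</a></noframes></html>"""

# The second-stage page, using the iframe quoted in the thread.
SAMPLE_AD_FRAME = """<iframe src="http://simg.zedo.com/roimedia/tag/roimedia_enom_urlfwd_720x300.html"
 frameborder="0" scrolling="no" width="1" height="1"></iframe>"""


class FrameCollector(HTMLParser):
    """Collect (src, width, height) for every <frame> and <iframe>."""
    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag in ("frame", "iframe"):
            a = dict(attrs)
            self.frames.append((a.get("src") or "", a.get("width"), a.get("height")))


def audit_wrapper(html, served_from, my_domains=MY_DOMAINS):
    """Sort a foreign page's frames into: my site, its own host, third parties."""
    collector = FrameCollector()
    collector.feed(html)
    report = {"frames_my_site": [], "same_host": [], "third_party": []}
    for src, width, height in collector.frames:
        # Relative URLs have no hostname, so they resolve to the serving host.
        host = (urlparse(src).hostname or served_from).lower()
        hidden = width in ("0", "1") and height in ("0", "1")
        if any(host == d or host.endswith("." + d) for d in my_domains):
            report["frames_my_site"].append(src)
        elif host == served_from.lower():
            report["same_host"].append(src)
        else:
            report["third_party"].append((src, hidden))  # hidden = 0/1 px frame
    return report


if __name__ == "__main__":
    print(audit_wrapper(SAMPLE_WRAPPER, "fybertech.info"))
    print(audit_wrapper(SAMPLE_AD_FRAME, "fybertech.info"))
```

Run it against the saved HTML of each look-alike domain: a non-empty `frames_my_site` together with any `third_party` entry flagged hidden is the pattern seen here.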

@FyberOptic:

> http://whois.webhosting.info/64.74.96.243

Yoink!

I've been looking for a free reverse IP lookup tool everywhere. Tends to come in handy, but the only other one I've seen is on whois.sc, and theirs isn't free past the first 5 domains. Thanks.

@tierra:

> @FyberOptic:
>
> > http://whois.webhosting.info/64.74.96.243
>
> Yoink!
>
> I've been looking for a free reverse IP lookup tool everywhere. Tends to come in handy, but the only other one I've seen is on whois.sc, and theirs isn't free past the first 5 domains. Thanks.

Well, that doesn't look like a true reverse-lookup tool, but rather a tool that tracks how many domains have 'forward' A records to the IP in question… An A record for the domain itself, not any particular subdomain, such as www, that is.

Heh, it wouldn't be hard to hack together a CGI script to just do a 'dig' and spit out the results. :)

@NecroBones:

> Well, that doesn't look like a true reverse-lookup tool, but rather a tool that tracks how many domains have 'forward' A records to the IP in question… An A record for the domain itself, not any particular subdomain, such as www, that is.
>
> Heh, it wouldn't be hard to hack together a CGI script to just do a 'dig' and spit out the results. :)

I wasn't talking about doing a reverse lookup on an IP and finding a single domain. On occasion I need a tool to tell me what other domains are hosted on the same IP (sometimes just for an idea of how many other domains are hosted). That typically requires a rather big database behind it recording all the results on domain lookups and selecting all the ones that point to the same (requested) IP. I don't know many people with the resources to keep an up-to-date database like that, so I could imagine places that already do whois lookups offer that service is about the only viable way to do it, and finding places that'll offer full lists like FyberOptic mentioned for free is rather rare. Whois.sc offers the same service, but it's not free past the first 3 (I mentioned 5 earlier, but it is in fact 3) as you can see here (free reg req): http://www.whois.sc/reverse-ip/64.74.96.243
