What happens?... when you click on "CLICK HERE" in the ibiquity.com message?

What happens?... when you click on "CLICK HERE" in the struble [at] ibiquity.com message,

>"From: Bob Struble <struble [at] ibiquity.com>
> Subject: Important Documents
> Hi,
> I Just uploaded Some Important Documents for you, using Google Docs. CLICK
> HERE < http://istroy.org/wp-includes/images/wwwv/index.005.php > Please sign
> in with your email address to view the document.
> Yours Sincerely,
> *
> *
> *Bob*
> Robert J. Struble
> President and CEO
> iBiquity Digital Corporation
> 6711 Columbia Gateway Drive, Suite 500
> Columbia, MD 21046
> 443-539-4300
> www.ibiquity.com
 
Re: What happens?... when you click on "CLICK HERE" in the ibiquity.com message?

Probably a hijacker (not a hacker.) Look at the following whois information:
Code:
~$ whois istroy.com

Whois Server Version 2.0

 Domain Name: ISTROY.COM
 Registrar: CJSC REGISTRAR R01
 Whois Server: whois.r01.ru
 Referral URL: http: //r01.ru
 Name Server: NS1.R01.RU
 Name Server: NS2.R01.RU
 Status: clientRenewProhibited
 Status: clientTransferProhibited
 Updated Date: 20-oct-2011
 Creation Date: 27-apr-2004
 Expiration Date: 27-apr-2013

>>> Last update of whois database: Thu, 07 Mar 2013 21:07:20 UTC <<<
*snip*
Code:
% By submitting a query to R01 Whois Service
% you agree to abide by the following terms of use:
% http: //r01.ru/whois/conditions/

Domain name: ISTROY.COM

Status: clientTransferProhibited



NameServers:
  ns1.r01.ru
  ns2.r01.ru

Creation date: 27-04-2004
Expiration date: 27-04-2013

Registrant:
  N/A
  Privacy Protection    (noreply @r01.ru)
  For contacting domain registrant
  please visit http: //privacy.r01.ru
  All Postal mails and correspondence will be ignored.
  Moscow
  Moscow,10001
  RU
  Tel. +7.495000000

Administrative Contact:
  N/A
  Privacy Protection    (noreply @r01.ru)
  For contacting domain registrant
  please visit http: //privacy.r01.ru
  All Postal mails and correspondence will be ignored.
  Moscow
  Moscow,10001
  RU
  Tel. +7.495000000

Technical Contact:
  N/A
  Privacy Protection    (noreply @r01.ru)
  For contacting domain registrant
  please visit http: //privacy.r01.ru
  All Postal mails and correspondence will be ignored.
  Moscow
  Moscow,10001
  RU
  Tel. +7.495000000

Billing Contact:
  N/A
  Privacy Protection    (noreply @r01.ru)
  For contacting domain registrant
  please visit http: //privacy.r01.ru
  All Postal mails and correspondence will be ignored.
  Moscow
  Moscow,10001
  RU
  Tel. +7.495000000

Information provided by R01 registrar

For the most part, corporate servers can be very trivial to hijack and exploit, especially public Internet-facing machines (like WWW servers) running insecure Micro$haft garbage.

And since this is my 2600th post:
http://phworld.org/sounds/wawina/bb1.mp3
http://phworld.org/sounds/wawina/bb2.mp3
 
Re: What happens?... when you click on "CLICK HERE" in the ibiquity.com message?

Well, gee, that whois listing was for istroy.COM, which is clearly not what you specified in your link. (Apparently I misread it.) But the one for istroy.ORG is even more interesting (and revealing!):
Code:
~$ whois istroy.org

Domain ID:D167249901-LROR
Domain Name:ISTROY.ORG
Created On:01-Dec-2012 23:49:55 UTC
Last Updated On:31-Jan-2013 03:45:14 UTC
Expiration Date:01-Dec-2013 23:49:55 UTC
Sponsoring Registrar:PDR Ltd. d/b/a PublicDomainRegistry.com (R27-LROR)
Status:CLIENT TRANSFER PROHIBITED

Registrant ID:DI_25300528
Registrant Name:Platon (name withheld)
Registrant Organization:Private Person
Registrant Street1:(withheld)
Registrant Street2:apt 99
Registrant Street3:
Registrant City:Brovary        }
Registrant State/Province:Kiev Oblast }
Registrant Postal Code:07400      } <-- Ukraine!
Registrant Country:UA         }
Registrant Phone:+380.(number withheld) } 
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:tuazor671@(withheld)

Admin ID:DI_25300528
Admin Name:Platon (name withheld)
Admin Organization:Private Person
Admin Street1:(withheld)
Admin Street2:apt.99
Admin Street3:
Admin City:Brovary
Admin State/Province:Kiev Oblast
Admin Postal Code:07400
Admin Country:UA
Admin Phone:+380.(number withheld)
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:tuazor671@(withheld)

Tech ID:DI_10649276
Tech Name:GlavDomain
Tech Organization:glavdomain.com
Tech Street1:2, Belorusskaya str.
Tech Street2:
Tech Street3:
Tech City:Kyiv
Tech State/Province:Kiev
Tech Postal Code:04050
Tech Country:UA
Tech Phone: +380.487375775
Tech Phone Ext.:
Tech FAX:+380.445937569
Tech FAX Ext.:
Tech Email:[email protected]

Name Server:NS1.UA-HOSTING.COM.UA
Name Server:NS.UA-HOSTING.COM.UA
DNSSEC:Unsigned

I still think it's a hijacker. Probably a "fishing" attack, considering that it wants people to "register" their E-mail address in order to view these alleged documents.
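
The checks discussed in this thread, collected into a triage function. This is an added example, not part of the original posts. The sender, link, body text and "Created On" date are copied from the thread; the triage date, the 180-day threshold and all function names are assumptions made for the illustration.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlparse

# Values copied from the quoted message and the istroy.org whois output above.
SENDER = "struble@ibiquity.com"  # "[at]" de-obfuscated for parsing
LINK = "http://istroy.org/wp-includes/images/wwwv/index.005.php"
BODY = "Please sign in with your email address to view the document."
WHOIS = "Domain Name:ISTROY.ORG\nCreated On:01-Dec-2012 23:49:55 UTC\n"
# Assumption: triage date taken from the timestamp in the first whois output.
SEEN = datetime(2013, 3, 7, tzinfo=timezone.utc)


def base_domain(host):
    """Naive last-two-labels match; real code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def domain_age_days(whois_text, seen):
    """Days between the whois 'Created On' date and the day the mail was seen."""
    m = re.search(r"^Created On:\s*(\d{2}-[A-Za-z]{3}-\d{4})", whois_text, re.M)
    if not m:
        return None
    created = datetime.strptime(m.group(1), "%d-%b-%Y").replace(tzinfo=timezone.utc)
    return (seen - created).days


def triage(sender, link, body, whois_text, seen, young_days=180):
    """Return the list of phishing indicators found in one message."""
    url = urlparse(link)
    findings = []
    if base_domain(url.hostname or "") != base_domain(sender.rsplit("@", 1)[-1]):
        findings.append("link host does not match sender domain")
    if url.scheme != "https":
        findings.append("sign-in page served without TLS")
    # Heuristic: a PHP page under wp-includes/images, a directory that normally
    # holds only image files, points to a hijacked WordPress site.
    if re.search(r"/wp-includes/images/.*\.php$", url.path):
        findings.append("PHP script under wp-includes/images")
    if re.search(r"sign\s+in\s+with\s+your\s+e-?mail", body, re.I):
        findings.append("asks for credentials to view a document")
    age = domain_age_days(whois_text, seen)
    if age is not None and age < young_days:
        findings.append(f"domain registered {age} days before the message")
    return findings


if __name__ == "__main__":
    for finding in triage(SENDER, LINK, BODY, WHOIS, SEEN):
        print("-", finding)
```
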
 