kicad-developers team mailing list archive

Re: kicad.com malware and scams (the domain we don't know).

 

One thing to consider is to bother the server host,


First one points to 66.135.47.125 (name server #1)

http://whois.arin.net/rest/net/NET-66-135-32-0-1/pft?s=66.135.47.125
OrgAbuseHandle: SNAE-ARIN
OrgAbuseName:   Serverbeach Network AUP Enforcement
OrgAbusePhone:  +1-604-484-2588
OrgAbuseEmail:  abuse@xxxxxxxxxxxxxxx
OrgAbuseRef:    http://whois.arin.net/rest/poc/SNAE-ARIN


Their AUP:
http://www.peer1.com/about-us/legal/acceptable-use-policy



There's a second nameserver also being used, 85.17.25.202 (nameserver #2)
remarks:        Please send all abuse notifications to the following
email address: abuse@xxxxxxxxxxxxxxx. To ensure proper processing of
your abuse notification, please visit the website
www.leaseweb.com/abuse for notification requirements. All police and
other government agency requests must be sent to
subpoenas@xxxxxxxxxxxxxxx.




And the final malicious server is 208.91.196.145  (redirect server)
OrgAbuseHandle: ABUSE3065-ARIN
OrgAbuseName:   Abuse Admin
OrgAbusePhone:  +1-917-386-6118
OrgAbuseEmail:  abuse@xxxxxxxxxxxxxxxxxxxxxxx
OrgAbuseRef:    http://whois.arin.net/rest/poc/ABUSE3065-ARIN


I am thinking confluence is the one to go after, the name servers
could be legit but it's hard to tell with how stupidly they are trying
to hide it.

