[Dshield] Site suspect

George Theall theall at tifaware.com
Fri Oct 24 00:33:50 GMT 2003


On Thu, Oct 23, 2003 at 01:55:57PM -0500, john beck wrote:

> I have been alerted to a website that someone was going to book a room at 
> Hyatt Regency and they went to www.hyattregency.com and there it, will give 
> a popup that says you have the rpc virus and it wants you to click ok to 
> scan your machine, 

Looks like a cybersquatter; the real Hyatt web site is at
<http://www.hyatt.com/>. 

                     ---- snip, snip, snip ----
theall at badger:/home/theall>whois hyattregency.com at whois.geektools.com
[whois.geektools.com]
GeekTools Whois Proxy v5.0.3 Ready.
Checking access for 65.216.135.9... ok.
Checking server [whois.crsnic.net]
Checking server [whois.enom.com]
Results:
Registration Service Provided By: -
Contact: admin at russa.com
  
Domain name: hyattregency.com
  
Registrant Contact:
   NA
   The data in Bulkregister.com's WHOIS database is p   (NA)
   NA
   Bulkregister.com for information purposes only, that is, to
   obtaining information about or related to a domain name regi
   does not guarantee its ac,
   ou
  
  
Administrative Contact:
   Free Domains Parking
   Andrey Vasiliev -   (mail at russa.com)
   180-23-06
   Glavpochtamt, d/v Vasiliev Andrey Vladimirovich
   Moscow, RU 101000
   Moscow, RU 101000
   RU
...
                     ---- snip, snip, snip ----

George
-- 
theall at tifaware.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20031023/27dd404b/attachment.bin


More information about the list mailing list