Is cpc124328-ayle4-2-0-cust48.15-2.cable.virginm.net really an attack site and does it belong to Virgin Media Enterprises Ltd?
For full details of the evidence see below.
In summary:
YAHOO! is my main email service and lists unknown devices that log in as a security precaution. They say that my ISP may appear in my list of unknown devices. My ISP is the company "Virgin Enterprises Limited" as the registered owner of http://www.virginmedia.com/. So I would expect a virginmedia.com URL, which is not what I get.
Unfortunately the unknown server regularly logging in is Virginm.net, not virginmedia.com.
If I browse to Virginm.net it is listed as an attack site by both Firefox and Google Chrome.
It is not listed as being registered to "Virgin Enterprises Limited, London" but to "VIRGIN MEDIA BUSINESS, CARDIFF"; the registrars are different too.
I would like to confirm if Virgin Media Enterprise are related to VIRGIN MEDIA BUSINESS or not.
If virginm.net is owned by Virgin Enterprises Limited, why is it being listed as an attack site, and can Firefox and "Virgin Enterprises Limited" work together to resolve the issue?
If it is not a Virgin Enterprises Limited site, please can someone tell me how it got into the chain between my ISP and my web mail provider, as that is even more worrying. I have asked "Virgin Enterprises Limited" to sort that out if it is the case.
It is an attack Site with a fixed IP address and clearly registered URL. If it is a known Attack site, why has it not been shut down by the police already?
Full details of the evidence:
I have evidence below that suggests the server mentioned, cpc124328-ayle4-2-0-cust48.15-2.cable.virginm.net, may have been infected by malware. Firefox lists the site mentioned as an Attack Site. Follow the explanations below for more details. Please investigate whether you actually have a nasty infection or have been hacked in some way. When you are there are no middle attacks sure you are clean can you get your site removed from Firefox's black list.
I have looked on other black lists and the site does not seem to be listed on the first three I looked at. So this may be a false positive on Firefox's part but it is always worth checking.
The reason for this query was curiosity on my part. Is this site Virgin Media or not?
I have had several successful log ins to my YAHOO! accounts from an unknown address to me and thought some may be hacking me. YAHOO! say this may be from my ISP, Virgin Media:
==============================================================================================
Newtownabbey, Northern Ireland, United Kingdom Mon, Jun 12, 2017 10:11 AM BST
IP: 81.99.67.49
==============================================================================================
I have changed my passwords several times; it has not stopped these log-ins. So I suspected even more that this must be Virgin Media.
It is always the same IP address. Pinging /a gives the following result.
ping /a 81.99.67.49
Pinging cpc124328-ayle4-2-0-cust48.15-2.cable.virginm.net [81.99.67.49]
The name is also indicative of a Virgin Media site. However, browsing in Firefox to http://cpc124328-ayle4-2-0-cust48.15-2.cable.virginm.net, http://cable.virginm.net or http://virginm.net gives
==============================================================================================
Reported Attack Page!
This web page at virginm.net has been reported as an attack page and has been blocked based on your security preferences.
Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system.
Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.
==============================================================================================
Not Server Error or Page not found but Firefox's black list response to a known Attack Site.
Distinctly worrying as I would not want a hacker adding spyware to my or anyone else's emails using Virgin Media's ISP service.
Looking up the registered owner of the server name through http://whois.domaintools.com/virginm.net confirms absolutely that the registered owner of virginm.net is: VIRGIN MEDIA BUSINESS
Domain Name: VIRGINM.NET
Registry Domain ID: 859644475_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.enom.com
Registrar URL: www.enom.com
Updated Date: 2017-02-06T01:17:40.00Z
Creation Date: 2007-03-07T12:22:23.00Z
Registrar Registration Expiration Date: 2018-03-07T12:22:00.00Z
Registrar: ENOM, INC.
Registrar IANA ID: 48
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: DUTY HOSTMASTER
Registrant Organization: VIRGIN MEDIA BUSINESS
Registrant Street: UNIT B, FOUNTAIN COURT, FOUNTAIN LANE,
Registrant Street: ST MELLONS
Registrant City: CARDIFF
Registrant State/Province: GB
Registrant Postal Code: CF3 0FB
Registrant Country: GB
Registrant Phone: +44.02920305050
Registrant Phone Ext:
Registrant Fax: +44.02920305236
Registrant Fax Ext:
Registrant Email: [email protected]
Thus confirming that "Virgin Media Business" is the registered owner. "VIRGIN MEDIA BUSINESS" does not sound like a real Ltd/PLC business name but more like a sole trader.
Doing the same for virginmedia, http://whois.domaintools.com/virginmedia.com lists a different registrar and registered owner.
Domain Name: virginmedia.com
Registry Domain ID: 3940644_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.corporatedomains.com
Registrar URL: www.cscprotectsbrands.com
Updated Date: 2017-02-23T06:31:29Z
Creation Date: 1999-02-27T05:00:00Z
Registrar Registration Expiration Date: 2019-02-27T05:00:00Z
Registrar: CSC CORPORATE DOMAINS, INC.
Registrar IANA ID: 299
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.8887802723
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Domain Administrator
Registrant Organization: Virgin Enterprises Limited
Registrant Street: 120 Campden Hill Road
Registrant City: London
Registrant State/Province: .
Registrant Postal Code: W87AR
Registrant Country: GB
Registrant Phone: +044.2073.132000
Registrant Phone Ext:
Registrant Fax: +044.2073.132091
Registrant Fax Ext:
Registrant Email:
Registry Admin ID:
Admin Name: Domain Administrator
Admin Organization: Virgin Enterprises Limited
Admin Street: 120 Campden Hill Road
Admin City: London
Admin State/Province: .
Admin Postal Code: W87AR
Admin Country: GB
Admin Phone: +044.2073.132000
Admin Phone Ext:
Admin Fax: +044.2073.132091
Admin Fax Ext:
Admin Email:
Registry Tech ID:
Tech Name: Virgin Media Business
Tech Organization: Virgin Media Business
Tech Street: Fountain Court
Tech City: Cardiff
Tech State/Province:
Tech Postal Code: CF3 0FB
Tech Country: GB
Tech Phone: +44.2920305050
Tech Phone Ext:
Tech Fax: +44.1633710236
Tech Fax Ext:
Tech Email:
Name Server: ns1.virginmedia.net
Name Server: ns3.virginmedia.net
Name Server: ns4.virginmedia.net
Name Server: ns2.virginmedia.net
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
Virgin Media Enterprises Ltd != VIRGIN MEDIA BUSINESS.
Obviously I do not want an attack site between my ISP and my web emails. Help!
With thanks in advance
Robin Murison
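The two WHOIS records quoted in the post above can be compared contact by contact rather than by registrant alone. The following is an added example, not part of the original post: it parses fields excerpted from those two records and reports any organisation and postal code that appears in both, under any contact role. The function names are illustrative.

```python
import re

# Fields excerpted from the two WHOIS records quoted in the post above.
WHOIS_VIRGINM_NET = """\
Domain Name: VIRGINM.NET
Registrar: ENOM, INC.
Registrant Organization: VIRGIN MEDIA BUSINESS
Registrant Postal Code: CF3 0FB
"""

WHOIS_VIRGINMEDIA_COM = """\
Domain Name: virginmedia.com
Registrar: CSC CORPORATE DOMAINS, INC.
Registrant Organization: Virgin Enterprises Limited
Registrant Postal Code: W87AR
Admin Organization: Virgin Enterprises Limited
Admin Postal Code: W87AR
Tech Organization: Virgin Media Business
Tech Postal Code: CF3 0FB
"""

def parse_whois(text):
    """Return {field: value} for 'Key: value' lines; empty values are skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip(), value.strip())
    return fields

def contacts(fields):
    """Return {role: (organisation, postal code)}, normalised for comparison."""
    norm = lambda s: re.sub(r"\s+", " ", s).strip().casefold()
    out = {}
    for role in ("Registrant", "Admin", "Tech"):
        org = fields.get(f"{role} Organization")
        if org:
            out[role] = (norm(org), norm(fields.get(f"{role} Postal Code", "")))
    return out

def shared_contacts(whois_a, whois_b):
    """List (role_a, role_b, org) where both records name the same org and postcode."""
    a, b = contacts(parse_whois(whois_a)), contacts(parse_whois(whois_b))
    return [(ra, rb, ca[0]) for ra, ca in a.items() for rb, cb in b.items() if ca == cb]

if __name__ == "__main__":
    for role_a, role_b, org in shared_contacts(WHOIS_VIRGINM_NET, WHOIS_VIRGINMEDIA_COM):
        print(f"virginm.net {role_a} == virginmedia.com {role_b}: {org}")
```

On the excerpted fields, the registrant of virginm.net matches the Tech contact of virginmedia.com by organisation name and postal code.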
All Replies (3)
What does your ISP have to say regarding this?
My ISP has not got back to me yet. I will let you know if/when they do.
My ISP has got back to me; apparently it is my own IPv4 address. Although I am confused as to why I get logins from Aylesbury and Northern Ireland.
I have 3 laptops and 3 internet connected desktops on my network. Two of the desktops are usually turned off.
Apache is not installed on any of them and IIS & IIS Express is installed on two of the desktops but only one is usually turned on.
I have done a complete Kaspersky virus scan of both machines that have IIS & IIS Express installed and they have reported both machines as squeaky clean (at least according to Kaspersky).
Can you reassess if my machine is an attack site and let me know the result?
Have you any other advice on how to make my system cleaner and, more importantly, how to keep it clean?
Thanks for your help so far.
Best wishes Robin Murison