how-to block ads
|
|
Share Topic
 |
 |
|
|
|
 NetFixerFrom my cold dead handsPremium
join:2004-06-24
The Boro
 ·Comcast Business..
 ·Vonage
 ·Cingular Wireless
·Comcast
| reply to tshirt
Re: [Connectivity] www.usbank.com not reachable from my Comcastsaid by tshirt:Working fine here, BUT I have had problems with that site before.
Also try direct to the secure site (HTTPS) as sometimes the http redirector (your link) fails.
BTW pingplotter resolves 170.135.216.181 as bnkuse.com which links to some suspious results when googled.
I tried (and posted) both the http and the https links. Also, suspicious or not, 170.135.216.181 is the IP address in the A record for www.usbank.com no matter whose DNS server I try.
C:\>dig www.usbank.com
; <<>> DiG 9.9.2 <<>> www.usbank.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50374
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;www.usbank.com. IN A
;; ANSWER SECTION:
www.usbank.com. 249 IN A 170.135.216.181
;; Query time: 0 msec
;; SERVER: 192.168.9.2#53(192.168.9.2)
;; WHEN: Tue Dec 18 15:18:40 2012
;; MSG SIZE rcvd: 59
C:\>dig @75.75.75.75 www.usbank.com
; <<>> DiG 9.9.2 <<>> @75.75.75.75 www.usbank.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12440
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;www.usbank.com. IN A
;; ANSWER SECTION:
www.usbank.com. 745 IN A 170.135.216.181
;; Query time: 124 msec
;; SERVER: 75.75.75.75#53(75.75.75.75)
;; WHEN: Tue Dec 18 15:19:04 2012
;; MSG SIZE rcvd: 59
C:\>dig @68.94.156.1 www.usbank.com
; <<>> DiG 9.9.2 <<>> @68.94.156.1 www.usbank.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62816
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.usbank.com. IN A
;; ANSWER SECTION:
www.usbank.com. 900 IN A 170.135.216.181
;; Query time: 124 msec
;; SERVER: 68.94.156.1#53(68.94.156.1)
;; WHEN: Tue Dec 18 15:19:46 2012
;; MSG SIZE rcvd: 59
C:\>dig @8.8.8.8 www.usbank.com
; <<>> DiG 9.9.2 <<>> @8.8.8.8 www.usbank.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49514
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.usbank.com. IN A
;; ANSWER SECTION:
www.usbank.com. 547 IN A 170.135.216.181
;; Query time: 46 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Dec 18 15:20:19 2012
;; MSG SIZE rcvd: 59
C:\>dig @4.2.2.1 www.usbank.com
; <<>> DiG 9.9.2 <<>> @4.2.2.1 www.usbank.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35180
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.usbank.com. IN A
;; ANSWER SECTION:
www.usbank.com. 900 IN A 170.135.216.181
;; Query time: 124 msec
;; SERVER: 4.2.2.1#53(4.2.2.1)
;; WHEN: Tue Dec 18 15:20:31 2012
;; MSG SIZE rcvd: 59
Doing a DNS lookup for the IP address 170.135.216.181 shows a large number of PTR records pointing to what appear to be US Bank owned or affiliated sites. That many PTR records is unusual, but not necessarily suspicious.
C:\>dig -x 170.135.216.181
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.9.2 <<>> -x 170.135.216.181
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2519
;; flags: qr rd ra; QUERY: 1, ANSWER: 124, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;181.216.135.170.in-addr.arpa. IN PTR
;; ANSWER SECTION:
181.216.135.170.in-addr.arpa. 1695 IN PTR practicefinance.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbankhomeloans.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR financingpartner.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR firstarinsurance.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR ralphscreditcard.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR firstarcommercial.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR weststar-mortgage.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR firstarhomemortgage.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR firstarstellarfunds.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbankfirsthomehelp.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbankhomemortgages.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR currencyexpress.firstar.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR firstarsmallbusiness.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbank-home-mortgage.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR firstarcorporatetrust.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR firstarglobalservices.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR firstarstudentfinance.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR firstarinvestorservice.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbank-first-home-help.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR downeysavingsonlinebanking.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR cdo.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.fwms.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.cbofl.net.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.sweeps.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.reivisa.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.surveys.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.vailbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.cachevisa.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.moneypass.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.vailbanks.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.usbankvisa.net.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.firstar-mfs.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.firstar401k.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.firstarfunds.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.fmcreditcard.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.grabcashfast.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.gymboreevisa.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR mychoicebanking.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.porticofunds.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.vailbanksinc.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.weststarbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.cpssalestools.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.123rewardscard.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.uconnectonline.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.heritagemontana.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.firstarinsurance.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.ralphscreditcard.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.firstarcommercial.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.weststar-mortgage.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.firstarhomemortgage.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.firstarstellarfunds.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.firstarsmallbusiness.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.firstarcorporatetrust.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.firstarglobalservices.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.firstarstudentfinance.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.firstarinvestorservice.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR epay.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR fwms.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR pffb.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR cbofl.net.
181.216.135.170.in-addr.arpa. 1695 IN PTR ecash.fsbnm.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR ubank.biz.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbhm.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR 032www.cachevisa.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR artown.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR bnkusa.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR online.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR sweeps.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR topusb.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbank.cc.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbank.biz.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbank.info.
181.216.135.170.in-addr.arpa. 1695 IN PTR firstar.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR pffbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR reivisa.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR retechs.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR surveys.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR uat-www.reivisa.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR us-bank.us.
181.216.135.170.in-addr.arpa. 1695 IN PTR facts529.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR frysvisa.net.
181.216.135.170.in-addr.arpa. 1695 IN PTR frysvisa.org.
181.216.135.170.in-addr.arpa. 1695 IN PTR payments.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR u-s-bank.us.
181.216.135.170.in-addr.arpa. 1695 IN PTR u-s-bank.biz.
181.216.135.170.in-addr.arpa. 1695 IN PTR u-s-bank.net.
181.216.135.170.in-addr.arpa. 1695 IN PTR u-s-bank.org.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbankhr.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbanksl.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbtrust.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR vailbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR cachevisa.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR swiftsend.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbancorp.cc.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbancorp.us.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbancorp.biz.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbancorp.net.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbancorp.org.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbancorp.info.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbankeve.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR vailbanks.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR testrecord.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbankvisa.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbankvisa.net.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbankvisa.org.
181.216.135.170.in-addr.arpa. 1695 IN PTR firstar-mfs.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR firstar401k.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR epymtservice.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR firstarfunds.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR fmcreditcard.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR grabcashfast.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR gymboreevisa.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR porticofunds.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR vailbanksinc.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR weststarbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR cpssalestools.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR downeysavings.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR 123rewardscard.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR communications.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbancorptrust.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbankhomeloan.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR heritagemontana.com.
;; Query time: 562 msec
;; SERVER: 192.168.9.2#53(192.168.9.2)
;; WHEN: Tue Dec 18 15:31:47 2012
;; MSG SIZE rcvd: 3258
What is suspicious is a whois query for IP address 170.135.216.181. Privacy Protect in Shanghai, China? 
C:\>whois 170.135.216.181
Whois v1.11 - Domain information lookup utility
Sysinternals - www.sysinternals.com
Copyright (C) 2005-2012 Mark Russinovich
Connecting to COM.whois-servers.net...
Connecting to whois.hebeidomains.com...
HERITAGEMONTANA.COM
Privacy Protect
General Delivery/Poste restante
855 Tianyaoqiao Lu
2000 Shanghai, China
All Postal Mails Will Be Rejected, do not mail there anything !
Tel.: +55.1137117371
Email: HERITAGEMONTANA.COM (at) privacy--protect.org
Administrative:
HERITAGEMONTANA.COM
Privacy Protect
General Delivery/Poste restante
855 Tianyaoqiao Lu
2000 Shanghai, China
All Postal Mails Will Be Rejected, do not mail there anything !
Tel.: +55.1137117371
Email: HERITAGEMONTANA.COM (at) privacy--protect.org
Technical:
HERITAGEMONTANA.COM
Privacy Protect
General Delivery/Poste restante
855 Tianyaoqiao Lu
2000 Shanghai, China
All Postal Mails Will Be Rejected, do not mail there anything !
Tel.: +55.1137117371
Email: HERITAGEMONTANA.COM (at) privacy--protect.org
For contacting domain owner send email to above email address
or visit Privacy--Protect.org and send it via form there
This is whois privacy protection
We will reveal registrant's info for UDRP proceeding
or after relevant authorities request in our jurisdiction
===============================================================
===============================================================
===============================================================
The data in this whois database is provided to you for information
purposes only, that is, to assist you in obtaining information about
or related to a domain name registration record. We make this information
available "as is", and do not guarantee its accuracy. By submitting a
whois query, you agree that you will use this data only for lawful purposes
and that, under no circumstances will you use this data to:
(1) enable high volume, automated, electronic processes that stress
or load this whois database system providing you this information; or
(2) allow, enable, or otherwise support the transmission of mass unsolicited
commercial advertising or solicitations via direct mail, electronic mail,
or by telephone.
The compilation, repackaging, dissemination or other use of this data is
expressly prohibited without prior written consent from us. The Registrar
of record is HebeiDomains.com. We reserve the right to modify these terms
at any time. By submitting this query, you agree to abide by these terms.
Request number 1 from 5 daily allowed from your IP address.
Email to trick bots (does not work) HERITAGEMONTANA.COM@hotmail.com
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander. | | |
|
| What's this dig command ur using? | |
NetFixerFrom my cold dead handsPremium
join:2004-06-24
The Boro Reviews:
·Comcast Business..
·Vonage
·Cingular Wireless
·Comcast
| said by OSUGoose:What's this dig command ur using?
It is the DNS query tool that is supplied as part of the Bind DNS package. »www.isc.org/software/bind
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander. | |
 JohnInSJPremium
join:2003-09-22
San Jose, CA
·PHONE POWER
·Comcast
| reply to NetFixer
said by NetFixer:said by tshirt:Working fine here, BUT I have had problems with that site before.
Also try direct to the secure site (HTTPS) as sometimes the http redirector (your link) fails.
BTW pingplotter resolves 170.135.216.181 as bnkuse.com which links to some suspious results when googled.
I tried (and posted) both the http and the https links. Also, suspicious or not, 170.135.216.181 is the IP address in the A record for www.usbank.com no matter whose DNS server I try.
C:\>dig www.usbank.com
; <<>> DiG 9.9.2 <<>> www.usbank.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50374
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;www.usbank.com. IN A
;; ANSWER SECTION:
www.usbank.com. 249 IN A 170.135.216.181
;; Query time: 0 msec
;; SERVER: 192.168.9.2#53(192.168.9.2)
;; WHEN: Tue Dec 18 15:18:40 2012
;; MSG SIZE rcvd: 59
C:\>dig @75.75.75.75 www.usbank.com
; <<>> DiG 9.9.2 <<>> @75.75.75.75 www.usbank.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12440
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;www.usbank.com. IN A
;; ANSWER SECTION:
www.usbank.com. 745 IN A 170.135.216.181
;; Query time: 124 msec
;; SERVER: 75.75.75.75#53(75.75.75.75)
;; WHEN: Tue Dec 18 15:19:04 2012
;; MSG SIZE rcvd: 59
C:\>dig @68.94.156.1 www.usbank.com
; <<>> DiG 9.9.2 <<>> @68.94.156.1 www.usbank.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62816
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.usbank.com. IN A
;; ANSWER SECTION:
www.usbank.com. 900 IN A 170.135.216.181
;; Query time: 124 msec
;; SERVER: 68.94.156.1#53(68.94.156.1)
;; WHEN: Tue Dec 18 15:19:46 2012
;; MSG SIZE rcvd: 59
C:\>dig @8.8.8.8 www.usbank.com
; <<>> DiG 9.9.2 <<>> @8.8.8.8 www.usbank.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49514
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.usbank.com. IN A
;; ANSWER SECTION:
www.usbank.com. 547 IN A 170.135.216.181
;; Query time: 46 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Dec 18 15:20:19 2012
;; MSG SIZE rcvd: 59
C:\>dig @4.2.2.1 www.usbank.com
; <<>> DiG 9.9.2 <<>> @4.2.2.1 www.usbank.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35180
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.usbank.com. IN A
;; ANSWER SECTION:
www.usbank.com. 900 IN A 170.135.216.181
;; Query time: 124 msec
;; SERVER: 4.2.2.1#53(4.2.2.1)
;; WHEN: Tue Dec 18 15:20:31 2012
;; MSG SIZE rcvd: 59
Doing a DNS lookup for the IP address 170.135.216.181 shows a large number of PTR records pointing to what appear to be US Bank owned or affiliated sites. That many PTR records is unusual, but not necessarily suspicious.
C:\>dig -x 170.135.216.181
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.9.2 <<>> -x 170.135.216.181
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2519
;; flags: qr rd ra; QUERY: 1, ANSWER: 124, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;181.216.135.170.in-addr.arpa. IN PTR
;; ANSWER SECTION:
181.216.135.170.in-addr.arpa. 1695 IN PTR practicefinance.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbankhomeloans.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR financingpartner.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR firstarinsurance.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR ralphscreditcard.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR firstarcommercial.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR weststar-mortgage.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR firstarhomemortgage.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR firstarstellarfunds.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbankfirsthomehelp.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbankhomemortgages.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR currencyexpress.firstar.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR firstarsmallbusiness.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbank-home-mortgage.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR firstarcorporatetrust.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR firstarglobalservices.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR firstarstudentfinance.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR firstarinvestorservice.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbank-first-home-help.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR downeysavingsonlinebanking.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR cdo.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.fwms.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.cbofl.net.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.sweeps.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.reivisa.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.surveys.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.vailbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.cachevisa.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.moneypass.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.vailbanks.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.usbankvisa.net.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.firstar-mfs.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.firstar401k.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.firstarfunds.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.fmcreditcard.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.grabcashfast.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.gymboreevisa.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR mychoicebanking.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.porticofunds.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.vailbanksinc.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.weststarbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.cpssalestools.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.123rewardscard.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.uconnectonline.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.heritagemontana.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.firstarinsurance.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.ralphscreditcard.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.firstarcommercial.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.weststar-mortgage.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.firstarhomemortgage.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.firstarstellarfunds.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.firstarsmallbusiness.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.firstarcorporatetrust.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.firstarglobalservices.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.firstarstudentfinance.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR www.firstarinvestorservice.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR epay.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR fwms.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR pffb.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR cbofl.net.
181.216.135.170.in-addr.arpa. 1695 IN PTR ecash.fsbnm.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR ubank.biz.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbhm.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR 032www.cachevisa.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR artown.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR bnkusa.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR online.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR sweeps.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR topusb.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbank.cc.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbank.biz.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbank.info.
181.216.135.170.in-addr.arpa. 1695 IN PTR firstar.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR pffbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR reivisa.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR retechs.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR surveys.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR uat-www.reivisa.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR us-bank.us.
181.216.135.170.in-addr.arpa. 1695 IN PTR facts529.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR frysvisa.net.
181.216.135.170.in-addr.arpa. 1695 IN PTR frysvisa.org.
181.216.135.170.in-addr.arpa. 1695 IN PTR payments.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR u-s-bank.us.
181.216.135.170.in-addr.arpa. 1695 IN PTR u-s-bank.biz.
181.216.135.170.in-addr.arpa. 1695 IN PTR u-s-bank.net.
181.216.135.170.in-addr.arpa. 1695 IN PTR u-s-bank.org.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbankhr.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbanksl.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbtrust.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR vailbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR cachevisa.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR swiftsend.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbancorp.cc.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbancorp.us.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbancorp.biz.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbancorp.net.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbancorp.org.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbancorp.info.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbankeve.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR vailbanks.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR testrecord.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbankvisa.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbankvisa.net.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbankvisa.org.
181.216.135.170.in-addr.arpa. 1695 IN PTR firstar-mfs.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR firstar401k.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR epymtservice.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR firstarfunds.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR fmcreditcard.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR grabcashfast.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR gymboreevisa.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR porticofunds.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR vailbanksinc.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR weststarbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR cpssalestools.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR downeysavings.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR 123rewardscard.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR communications.usbank.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbancorptrust.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR usbankhomeloan.com.
181.216.135.170.in-addr.arpa. 1695 IN PTR heritagemontana.com.
;; Query time: 562 msec
;; SERVER: 192.168.9.2#53(192.168.9.2)
;; WHEN: Tue Dec 18 15:31:47 2012
;; MSG SIZE rcvd: 3258
What is suspicious is a whois query for IP address 170.135.216.181. Privacy Protect in Shanghai, China?
C:\>whois 170.135.216.181
Whois v1.11 - Domain information lookup utility
Sysinternals - www.sysinternals.com
Copyright (C) 2005-2012 Mark Russinovich
Connecting to COM.whois-servers.net...
Connecting to whois.hebeidomains.com...
HERITAGEMONTANA.COM
Privacy Protect
General Delivery/Poste restante
855 Tianyaoqiao Lu
2000 Shanghai, China
All Postal Mails Will Be Rejected, do not mail there anything !
Tel.: +55.1137117371
Email: HERITAGEMONTANA.COM (at) privacy--protect.org
Administrative:
HERITAGEMONTANA.COM
Privacy Protect
General Delivery/Poste restante
855 Tianyaoqiao Lu
2000 Shanghai, China
All Postal Mails Will Be Rejected, do not mail there anything !
Tel.: +55.1137117371
Email: HERITAGEMONTANA.COM (at) privacy--protect.org
Technical:
HERITAGEMONTANA.COM
Privacy Protect
General Delivery/Poste restante
855 Tianyaoqiao Lu
2000 Shanghai, China
All Postal Mails Will Be Rejected, do not mail there anything !
Tel.: +55.1137117371
Email: HERITAGEMONTANA.COM (at) privacy--protect.org
For contacting domain owner send email to above email address
or visit Privacy--Protect.org and send it via form there
This is whois privacy protection
We will reveal registrant's info for UDRP proceeding
or after relevant authorities request in our jurisdiction
===============================================================
===============================================================
===============================================================
The data in this whois database is provided to you for information
purposes only, that is, to assist you in obtaining information about
or related to a domain name registration record. We make this information
available "as is", and do not guarantee its accuracy. By submitting a
whois query, you agree that you will use this data only for lawful purposes
and that, under no circumstances will you use this data to:
(1) enable high volume, automated, electronic processes that stress
or load this whois database system providing you this information; or
(2) allow, enable, or otherwise support the transmission of mass unsolicited
commercial advertising or solicitations via direct mail, electronic mail,
or by telephone.
The compilation, repackaging, dissemination or other use of this data is
expressly prohibited without prior written consent from us. The Registrar
of record is HebeiDomains.com. We reserve the right to modify these terms
at any time. By submitting this query, you agree to abide by these terms.
Request number 1 from 5 daily allowed from your IP address.
Email to trick bots (does not work) HERITAGEMONTANA.COM@hotmail.com
My Whois doesn't match yours. I am worried for you :) Mine matches the google result for whois 170.135.216.181 $ whois 170.135.216.181
#
# Query terms are ambiguous. The query is assumed to be:
# "n 170.135.216.181"
#
# Use "?" to get help.
#
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=170.135.216.181?showDetails=true&showARIN=false&ext=netref2
#
NetRange: 170.135.0.0 - 170.135.255.255
CIDR: 170.135.0.0/16
OriginAS:
NetName: FIRSTBANK-B
NetHandle: NET-170-135-0-0-1
Parent: NET-170-0-0-0-0
NetType: Direct Assignment
RegDate: 1994-05-13
Updated: 2002-03-29
Ref: http://whois.arin.net/rest/net/NET-170-135-0-0-1
OrgName: First Bank System Inc.
OrgId: FBS-1
Address: 601 2nd Ave S
City: Minneapolis
StateProv: MN
PostalCode: 55402
Country: US
RegDate: 1994-05-13
Updated: 2011-09-24
Ref: http://whois.arin.net/rest/org/FBS-1
OrgAbuseHandle: DTC8-ORG-ARIN
OrgAbuseName: Domain, Technical Contact
OrgAbusePhone: +1-503-261-5000
OrgAbuseEmail: domtech@usbank.com
OrgAbuseRef: http://whois.arin.net/rest/poc/DTC8-ORG-ARIN
OrgTechHandle: CKN23-ARIN
OrgTechName: No, Contact Known
OrgTechPhone: +1-800-555-1234
OrgTechEmail: nobody@example.com
OrgTechRef: http://whois.arin.net/rest/poc/CKN23-ARIN
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
--
My place : »www.schettino.us | |
NetFixerFrom my cold dead handsPremium
join:2004-06-24
The Boro Reviews:
·Comcast Business..
·Vonage
·Cingular Wireless
·Comcast
| said by JohnInSJ:said by NetFixer:What is suspicious is a whois query for IP address 170.135.216.181.
Privacy Protect in Shanghai, China?
C:\>whois 170.135.216.181
Whois v1.11 - Domain information lookup utility
Sysinternals - www.sysinternals.com
Copyright (C) 2005-2012 Mark Russinovich
Connecting to COM.whois-servers.net...
Connecting to whois.hebeidomains.com...
HERITAGEMONTANA.COM
Privacy Protect
General Delivery/Poste restante
855 Tianyaoqiao Lu
2000 Shanghai, China
All Postal Mails Will Be Rejected, do not mail there anything !
Tel.: +55.1137117371
Email: HERITAGEMONTANA.COM (at) privacy--protect.org
Administrative:
HERITAGEMONTANA.COM
Privacy Protect
General Delivery/Poste restante
855 Tianyaoqiao Lu
2000 Shanghai, China
All Postal Mails Will Be Rejected, do not mail there anything !
Tel.: +55.1137117371
Email: HERITAGEMONTANA.COM (at) privacy--protect.org
Technical:
HERITAGEMONTANA.COM
Privacy Protect
General Delivery/Poste restante
855 Tianyaoqiao Lu
2000 Shanghai, China
All Postal Mails Will Be Rejected, do not mail there anything !
Tel.: +55.1137117371
Email: HERITAGEMONTANA.COM (at) privacy--protect.org
For contacting domain owner send email to above email address
or visit Privacy--Protect.org and send it via form there
This is whois privacy protection
We will reveal registrant's info for UDRP proceeding
or after relevant authorities request in our jurisdiction
===============================================================
===============================================================
===============================================================
The data in this whois database is provided to you for information
purposes only, that is, to assist you in obtaining information about
or related to a domain name registration record. We make this information
available "as is", and do not guarantee its accuracy. By submitting a
whois query, you agree that you will use this data only for lawful purposes
and that, under no circumstances will you use this data to:
(1) enable high volume, automated, electronic processes that stress
or load this whois database system providing you this information; or
(2) allow, enable, or otherwise support the transmission of mass unsolicited
commercial advertising or solicitations via direct mail, electronic mail,
or by telephone.
The compilation, repackaging, dissemination or other use of this data is
expressly prohibited without prior written consent from us. The Registrar
of record is HebeiDomains.com. We reserve the right to modify these terms
at any time. By submitting this query, you agree to abide by these terms.
Request number 1 from 5 daily allowed from your IP address.
Email to trick bots (does not work) HERITAGEMONTANA.COM@hotmail.com
My Whois doesn't match yours. I am worried for you :) Mine matches the google result for whois 170.135.216.181 $ whois 170.135.216.181
#
# Query terms are ambiguous. The query is assumed to be:
# "n 170.135.216.181"
#
# Use "?" to get help.
#
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=170.135.216.181?showDetails=true&showARIN=false&ext=netref2
#
NetRange: 170.135.0.0 - 170.135.255.255
CIDR: 170.135.0.0/16
OriginAS:
NetName: FIRSTBANK-B
NetHandle: NET-170-135-0-0-1
Parent: NET-170-0-0-0-0
NetType: Direct Assignment
RegDate: 1994-05-13
Updated: 2002-03-29
Ref: http://whois.arin.net/rest/net/NET-170-135-0-0-1
OrgName: First Bank System Inc.
OrgId: FBS-1
Address: 601 2nd Ave S
City: Minneapolis
StateProv: MN
PostalCode: 55402
Country: US
RegDate: 1994-05-13
Updated: 2011-09-24
Ref: http://whois.arin.net/rest/org/FBS-1
OrgAbuseHandle: DTC8-ORG-ARIN
OrgAbuseName: Domain, Technical Contact
OrgAbusePhone: +1-503-261-5000
OrgAbuseEmail: domtech@usbank.com
OrgAbuseRef: http://whois.arin.net/rest/poc/DTC8-ORG-ARIN
OrgTechHandle: CKN23-ARIN
OrgTechName: No, Contact Known
OrgTechPhone: +1-800-555-1234
OrgTechEmail: nobody@example.com
OrgTechRef: http://whois.arin.net/rest/poc/CKN23-ARIN
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
Yep, if I do the whois query from my Linux server, I get the FirstBank (a US Bank predecessor) results too. webhost:/home/royces # whois 170.135.216.181
#
# Query terms are ambiguous. The query is assumed to be:
# "n 170.135.216.181"
#
# Use "?" to get help.
#
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=170.135.216.181?showDetails=true&showARIN=false&ext=netref2
#
NetRange: 170.135.0.0 - 170.135.255.255
CIDR: 170.135.0.0/16
OriginAS:
NetName: FIRSTBANK-B
NetHandle: NET-170-135-0-0-1
Parent: NET-170-0-0-0-0
NetType: Direct Assignment
RegDate: 1994-05-13
Updated: 2002-03-29
Ref: http://whois.arin.net/rest/net/NET-170-135-0-0-1
OrgName: First Bank System Inc.
OrgId: FBS-1
Address: 601 2nd Ave S
City: Minneapolis
StateProv: MN
PostalCode: 55402
Country: US
RegDate: 1994-05-13
Updated: 2011-09-24
Ref: http://whois.arin.net/rest/org/FBS-1
OrgTechHandle: CKN23-ARIN
OrgTechName: No, Contact Known
OrgTechPhone: +1-800-555-1234
OrgTechEmail: nobody@example.com
OrgTechRef: http://whois.arin.net/rest/poc/CKN23-ARIN
OrgAbuseHandle: DTC8-ORG-ARIN
OrgAbuseName: Domain, Technical Contact
OrgAbusePhone: +1-503-261-5000
OrgAbuseEmail: domtech@usbank.com
OrgAbuseRef: http://whois.arin.net/rest/poc/DTC8-ORG-ARIN
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
I only recently installed the Mark Russinovich whois utility on my Windows boxes. So much for trusting Microsoft's port of a *nix utility. I guess I need to go back to using the GeekTools application instead. --
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander. | |
 IowaCowboyWant to go back to IowaPremium
join:2010-10-16
Springfield, MA
·Comcast
·Verizon Broadban..
| reply to JohnInSJ
They still have domain names under the Firstar Brand?
US Bank bought Firstar in the late '90s or early 2000's. I know this because Firstar became US Bank when I still lived in Iowa and I moved to Massachusetts in 2002.
Banks were being bought out like crazy back then. Commercial Federal Bought out Perpetual Savings Bank and they are now Bank of the West. Bank of America bought out Fleet. My current bank, Berkshire Bank was Woronoco Savings Bank before being bought out by Berkshire Bank.
I bet many of these banks still have servers using the domain names of their former names.
When I had AT&T for cell phone, they had many of their apps under the domains of mycingular even though their name changed to AT&T. | |
NetFixerFrom my cold dead handsPremium
join:2004-06-24
The Boro Reviews:
·Comcast Business..
·Vonage
·Cingular Wireless
·Comcast
1 edit | said by IowaCowboy:They still have domain names under the Firstar Brand?
US Bank bought Firstar in the late '90s or early 2000's. I know this because Firstar became US Bank when I still lived in Iowa and I moved to Massachusetts in 2002.
Banks were being bought out like crazy back then. Commercial Federal Bought out Perpetual Savings Bank and they are now Bank of the West. Bank of America bought out Fleet. My current bank, Berkshire Bank was Woronoco Savings Bank before being bought out by Berkshire Bank.
I bet many of these banks still have servers using the domain names of their former names.
When I had AT&T for cell phone, they had many of their apps under the domains of mycingular even though their name changed to AT&T.
It would appear that US Bank has indeed preserved many (if not all) of their predecessors' domain names.
I remember the buyout because I lost a third party maintenance contract after the US Bank purchase of Firstar. I used to maintain routers and other communication devices for Star Bank and Firstar in this area for a VAR who supplied the equipment.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander. | |
|
