

dliw
Running Dog
Premium
join:2003-03-09
Dog Pound
clubs:
·Atlantic Broadband

Unknown Connection

While checking connections via Active Ports I noticed a connection which didn't seem to be used by any of my programs. I did multiple scans using various tools and everything came back clean. The following is all the information I could find.

From checkdomain.com:
Web Inc., Liquid
Liquid Web Inc.
4210 Creyts Rd.
Lansing, MI 48917
US

Domain Name: LIQUIDWEB.COM

Administrative Contact, Technical Contact:
Web Inc., Liquid webmaster@liquidweb.com
Liquid Web Inc.
4210 Creyts Rd.
Lansing, MI 48917
US
800-580-4985 fax: 517-322-0493

Record expires on 04-Aug-2006.
Record created on 05-Aug-1997.
Bulk whois optout: Y
Database last updated on 22-Apr-2006 07:10:26 EDT.

Domain servers in listed order:

NS.LIQUIDWEB.COM 209.59.139.20
NS1.LIQUIDWEB.COM 64.91.251.155
NS9.LIQUIDWEB.COM 64.191.66.85

From DSLR Tools:
209.59.182.72 IS LISTED BY:

A Info

spammers.v6net.org 65.77.130.111

xbl.selwerd.cx 203.119.12.63

block.blars.org 127.1.0.32

TXT Info

--> fwhois 209.59.182.72@whois.arin.net
[whois.arin.net]

OrgName: Liquid Web, Inc.
OrgID: LQWB
Address: 4210 Creyts Rd.
City: Lansing
StateProv: MI
PostalCode: 48917
Country: US

ReferralServer: rwhois://rwhois.liquidweb.com:4321/

NetRange: 209.59.128.0 - 209.59.191.255
CIDR: 209.59.128.0/18
NetName: LIQUIDWEB-2
NetHandle: NET-209-59-128-0-1
Parent: NET-209-0-0-0-0
NetType: Direct Allocation
NameServer: NS.LIQUIDWEB.COM
NameServer: NS1.LIQUIDWEB.COM
Comment: rwhois://rwhois.liquidweb.com:4321/
RegDate: 2004-07-27
Updated: 2005-01-07

OrgAbuseHandle: ABUSE551-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-800-580-4985
OrgAbuseEmail: abuse@liquidweb.com

OrgTechHandle: IPADM47-ARIN
OrgTechName: IP Administrator
OrgTechPhone: +1-800-580-4985
OrgTechEmail: ipadmin@liquidweb.com

# ARIN WHOIS database, last updated 2006-04-21 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

How do I figure out what program is connecting? Thank you in advance.
--
But what if you have a capacity for violence, and a deep love for your fellow citizens? What do you have then? A sheepdog, a warrior, someone who is walking the hero's path. By Lt.Col. (ret.) Dave Grossman, Army Ranger


Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire

try either tcpview
»www.sysinternals.com/Utilities/TcpView.html
or ActivePorts
»www.protect-me.com/freeware.html

Cudni


dliw
Running Dog
Premium
join:2003-03-09
Dog Pound
clubs:
Thank you Cudni. Have ActivePorts now, will try tcpview.


Seandhi
Seeing From a New Level
Premium
join:2003-04-19
Humble, TX
reply to dliw
Run "netstat -b" from the command prompt.
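
An added example, not part of the post above: when `netstat -b` is unavailable or needs elevation, `netstat -ano` (which lists the owning PID) can be joined with `tasklist /fo csv /nh` to name the process behind a given remote address. The two captures below are constructed samples, and `firefox.exe`, the PIDs and the local addresses are assumptions for illustration; only the remote IP comes from the thread.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not taken from the thread).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    192.168.1.10:1045      209.59.182.72:80       ESTABLISHED     1234
  TCP    192.168.1.10:1046      209.59.182.72:80       TIME_WAIT       0
  UDP    0.0.0.0:500            *:*                                    700
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST_SAMPLE = '''"System Idle Process","0","Console","0","16 K"
"svchost.exe","908","Console","0","3,200 K"
"firefox.exe","1234","Console","0","45,000 K"
'''

def parse_tasklist(text):
    """Map PID -> image name from tasklist CSV output."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}

def parse_netstat(text):
    """Return TCP rows; headers and UDP rows (no State column) are skipped."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue
        _, local, remote, state, pid = parts
        host, _, port = remote.rpartition(":")  # rpartition keeps IPv6 hosts whole
        conns.append({"local": local, "remote_ip": host.strip("[]"),
                      "remote_port": int(port), "state": state, "pid": int(pid)})
    return conns

def owners_of(remote_ip, netstat_text, tasklist_text):
    """List (state, pid, image name) for every TCP row to remote_ip."""
    names = parse_tasklist(tasklist_text)
    return [(c["state"], c["pid"], names.get(c["pid"], "<unknown>"))
            for c in parse_netstat(netstat_text) if c["remote_ip"] == remote_ip]

if __name__ == "__main__":
    # A TIME_WAIT row reports PID 0: the socket has already been closed by
    # its process, so only rows in other states identify the real owner.
    for state, pid, name in owners_of("209.59.182.72", NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"{state:<12} pid={pid:<6} {name}")
```

On a live Windows machine, feed the two functions the text captured from `netstat -ano` and `tasklist /fo csv /nh` taken at the same moment, since PIDs are reused after a process exits.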


caffeinator
Coming soon to a cup near you..
Premium
join:2005-01-16
Spokane, WA
·WebBand


3 edits
reply to dliw
--- 04/22/06 07:16:00 Pacific Daylight Time
--- reading URL 209.59.182.72
--- contacting host [209.59.182.72] on port 80

HTTP/1.1 200 OK
Date: Sat, 22 Apr 2006 14:16:05 GMT
Server: Apache/1.3.34 (Unix) mod_gzip/1.3.26.1a mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_ssl/2.8.25 OpenSSL/0.9.7a PHP-CGI/0.1b
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
X-Pingback: http://www.onejerusalem.com/xmlrpc.php
X-Powered-By: PHP/4.4.1
Set-Cookie: PHPSESSID=7119d3ad7cd323eb80ece0c040fe0c32; path=/
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

It's an "Israel Jerusalem and Middle East Blog Magazine"

That IP's actually »www.onejerusalem.com but going strictly by the IP, it messes up a bit.

His DNS report is kinda odd.
»www.dnsreport.com/tools/dnsrepor···alem.com

Report on the IP:
»www.nwtools.com/default.asp?prog···9.182.72

Report on the domain:
»www.nwtools.com/default.asp?prog···alem.com

They match, but the records are different. It must be a misconfiguration or a recently moved site that has DNS not totally propagated still??

More weird:

Domain Name: ONEJERUSALEM.COM
Registrar: GO DADDY SOFTWARE, INC.
Whois Server: whois.godaddy.com
Referral URL: »registrar.godaddy.com
Name Server: HOST2.SUNTRADER.COM
Name Server: HOST1.SUNTRADER.COM
Status: REGISTRAR-LOCK
Updated Date: 19-oct-2005
Creation Date: 01-apr-1999
Expiration Date: 19-oct-2006

Looks like it was just updated for a year.
Is it hijacked, bad config, fake whois, or just sloppy?
IDK...oh well..I was bored anyway. :D

-CaFF

--
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." - A. Einstein


T Bell
You Can Fly
Premium
join:2003-10-23
Terra Firma

reply to dliw
Do you have Screamer Radio ( »www.screamer-radio.com/ ) installed? LIQUIDWEB.COM is streaming audio.
--
Looking to buy 40GB External Hard Drive


dliw
Running Dog
Premium
join:2003-03-09
Dog Pound
clubs:
·Atlantic Broadband

reply to dliw
My apologies for the late reply. Thank you for the assistance rendered.

I was reading »www.onejerusalem.com/ a bit before I noticed the strange connection. Maybe for one reason or another the connection wasn't properly terminated. Haven't seen it since I first posted this request.

T Bell, don't have Screamer Radio. Do you use it? How good is the quality of the sound?

Thank you Cudni, Seandhi, caffeinator and T Bell. Very much appreciate the assistance.
--
But what if you have a capacity for violence, and a deep love for your fellow citizens? What do you have then? A sheepdog, a warrior, someone who is walking the hero's path. By Lt.Col. (ret.) Dave Grossman, Army Ranger


caffeinator
Coming soon to a cup near you..
Premium
join:2005-01-16
Spokane, WA
·WebBand

You're welcome

In TCPview, I did notice a number of connects to what appeared to be RSS/XML feeds of some kind when I visited the site.

-CaFF
--
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." - A. Einstein


T Bell
You Can Fly
Premium
join:2003-10-23
Terra Firma

reply to dliw
You're welcome, dliw, and glad your problem is solved.

Screamer is fantastic, and I only learned of it recently myself. The recordings are pristine. »[Free] Internet Radio Recorder?
--
Looking to buy 40GB External Hard Drive