ALERT: treat any content from dentsu-inc.com with extreme caution
Reports have been received of attempts to sell malvertisements, with contact made by email by a correspondent using an @dentsu-inc.com address.
Dentsu is a large Japanese agency, but their real domain is @dentsu.com (no inc).
dentsu-inc.com was registered, not surprisingly, by the infamous Estdomains Inc. The domain was created on 24 June 2008.
Danger signs:
1. The person selling the advertisement resisted requests to talk on the telephone.
2. Dentsu may be a very well known agency, but dentsu-inc.com is *not* the URL that the legitimate company uses.
3. Estdomains Inc is the registration service that was used for dentsu-inc.com.
4. The domain is only a few months old.
5. Estboxes.com supplies the nameservers:
Query for dentsu-inc.com type=255 class=1
dentsu-inc.com NS (Nameserver) managedns1.estboxes.com
dentsu-inc.com NS (Nameserver) managedns2.estboxes.com
dentsu-inc.com NS (Nameserver) managedns3.estboxes.com
dentsu-inc.com NS (Nameserver) managedns4.estboxes.com
managedns2.estboxes.com A (Address) 69.50.183.26
managedns3.estboxes.com A (Address) 69.50.182.22
managedns4.estboxes.com A (Address) 69.50.183.30
managedns1.estboxes.com A (Address) 69.50.182.20
This does not match with the services used by the legitimate dentsu.com web site:
Query for dentsu.com type=255 class=1
dentsu.com NS (Nameserver) gatekeeper.isid-us.com
dentsu.com NS (Nameserver) gatekeeper2.isid-us.com
dentsu.com NS (Nameserver) ns.dentsu.com
dentsu.com NS (Nameserver) ns1.dentsu.co.jp
gatekeeper2.isid-us.com A (Address) 69.60.2.178
ns.dentsu.com A (Address) 69.60.2.179
gatekeeper.isid-us.com A (Address) 69.60.2.177
6. The IP address for the server hosting dentsu-inc.com is 85.255.122.4 (which is owned by UkrTeleGroup in Ukraine). The URL itself automatically redirects to the legitimate Dentsu site, so if you don't look at what is going on behind the scenes, all you will see is a commonly experienced redirect. It is *what/who* is redirecting you that is important in this case, not your end destination.
09/09/08 08:36:58 Browsing http://dentsu-inc.com/
Fetching http://dentsu-inc.com/ ...
GET / HTTP/1.1
Host: dentsu-inc.com
Connection: close
User-Agent: ****
HTTP/1.1 302 Moved Temporarily
Connection: close
Proxy-Connection: close
Date: Tue, 09 Sep 2008 00:37:01 GMT
Location: http://dentsu.com
Server: Directi Server 1.1
7. There are 1,196 other sites hosted on the same server as dentsu-inc.com, a very unusual situation for a company as large as Dentsu. You would expect such a large, well-known corporation to use dedicated hosting.
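
Danger signs 2, 4 and 5 can be checked mechanically when an unfamiliar advertiser makes contact. The sketch below is an added example, not part of the original alert; the function names, the one-year age threshold and the tiny suffix table are assumptions, and the nameserver names and dates are the ones quoted above.

```python
from datetime import date

# Minimal stand-in for a public-suffix list (assumption; enough for the names on this page).
TWO_LABEL_SUFFIXES = {"co.jp"}

def registrable(name):
    """Reduce a hostname to its registrable domain, e.g. ns1.dentsu.co.jp -> dentsu.co.jp."""
    labels = name.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def danger_signs(sender, legit, sender_ns, legit_ns, created, seen, min_age_days=365):
    """Return which of danger signs 2, 4 and 5 apply to a sender domain."""
    signs = []
    s_dom, l_dom = registrable(sender), registrable(legit)
    brand, s_label = l_dom.split(".")[0], s_dom.split(".")[0]
    # Sign 2: the brand appears in a domain that is not the company's real one.
    if s_dom != l_dom and brand in s_label:
        signs.append("lookalike")
    # Sign 4: the domain was registered recently (the threshold is an assumption).
    if (seen - created).days < min_age_days:
        signs.append("young-domain")
    # Sign 5: no nameserver belongs to an operator that the real domain also uses.
    if not {registrable(n) for n in sender_ns} & {registrable(n) for n in legit_ns}:
        signs.append("ns-mismatch")
    return signs

# Values copied from the lookups quoted in this alert.
SUSPECT_NS = ["managedns%d.estboxes.com" % i for i in range(1, 5)]
LEGIT_NS = ["gatekeeper.isid-us.com", "gatekeeper2.isid-us.com",
            "ns.dentsu.com", "ns1.dentsu.co.jp"]

if __name__ == "__main__":
    # Created 24 June 2008, observed 9 September 2008 (77 days old).
    print(danger_signs("dentsu-inc.com", "dentsu.com", SUSPECT_NS, LEGIT_NS,
                       created=date(2008, 6, 24), seen=date(2008, 9, 9)))
```

The substring test only catches names that embed the brand, as dentsu-inc.com does; misspelled variants would need an edit-distance check on top.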