19 replies to this topic

[~BD~]

Hello folks!

As I'm sure some here will know, Aumha is well known as a 'help' site for those with computer problems.

I'm just a little confused. If I type www.Aumha.com into the address bar of my browser(s) - IE7 or AOL or Firefox 3, I am directed immediately to this URL:- hxxp://downloadprograms.biz/?rid=544620

I wondered if anyone here might hazard a guess as to what exactly goes on ...........

I'd appreciate any comments. TIA

Dave

[eXaByTe]

Does that for me too.

Hmm...


-eXaByTe

[nebon]

I got exactly the same thing. Maybe the site has been attacked?

[Dakeyras]

http://www.aumha.org/

[~BD~]

Dakeyras, on Jul 20 2008, 01:51 AM, said:

http://www.aumha.org/

Hi Dakeyras ......... thanks for your insight!

The AumHa forums are to be found here:- http://aumha.net/

So ..... that covers 'org' and 'net'. What I'm after discovering is why using 'com' whisks one off to a place with a completely different 'feel' to it.

Has anyone here spent any time at any of the AumHa sites? Encountered anything unusal?

Your comments welcomed. TIA

Dave

PS (via Edit) If I type http://www.malwarebytes.org into my browser, I'm taken to the 'expected' site, saying

Welcome to Malwarebytes

Malwarebytes is a site dedicated to fighting malware. Malwarebytes has developed a variety of tools that can identify and remove malicious software from your computer. When your computer becomes infected, Malwarebytes can provide the needed assistance to remove the infection and restore the machine back to optimum performance.

If I type in http://www.malwarebytes.net or http://www.malwarebytes.com I'm taken to the same site as when using 'org'.

I cannot help wondering why this doesn't happen in the case of AumHa. I expect there is a simple explanation, but I find unexpected things interesting!

Perhaps someone here will know the answer!

Dave

[Dakeyras]

Hi, you're welcome .

I am not a member of AumHa myself but it is feasible that the site owner has registered the various domains to stop plagiarism and or anything else that would shed the site in a bad light. Plus maybe just for the simple expediency it is handy to have a backup domain, could be a myriad of reasons really.

Use this site to check and good site to check any suspect url's you may have concerns about is this one.

Now say if I had a site and it was hxxp://www.DakeyrastheMammoth.com and it was high profile like the sites mentioned in this topic I think it would be prudent to register all other possible domain alternatives also as a precaution in case any nefarious types took objection to a Mammoth having a site . Ok joking aside I hope this post is of help explaining etc.

[~BD~]

Dakeyras, on Jul 20 2008, 12:24 PM, said:

Hi, you're welcome .

I am not a member of AumHa myself but it is feasible that the site owner has registered the various domains to stop plagiarism and or anything else that would shed the site in a bad light. Plus maybe just for the simple expediency it is handy to have a backup domain, could be a myriad of reasons really.

Use this site to check and good site to check any suspect url's you may have concerns about is this one.

Now say if I had a site and it was hxxp://www.DakeyrastheMammoth.com and it was high profile like the sites mentioned in this topic I think it would be prudent to register all other possible domain alternatives also as a precaution in case any nefarious types took objection to a Mammoth having a site . Ok joking aside I hope this post is of help explaining etc.

Thanks for your reply, Dakeyras

Did you try Site Adviser in respect of AumHa.com ?

My response was as per the attached! Curious!

Dave

Attached Images

• 

[Dakeyras]

Quote

Thanks for your reply, Dakeyras

Did you try Site Adviser in respect of AumHa.com ?

My response was as per the attached! Curious!

Dave

You're welcome Dave .

I did not personally try AumHa or the various domains associated because the site is well respected and staffed by many people highly respected also. A feasible explanation though, that particular variant of the domain has never been added to Site Adviser.

I only provided the links so in the future you can check any sites you may be wary about, I apologize if I was not clear enough about that.

Something of interest though if you use FireFox or just test the browser for these purposes, if like myself you like to experiment .

FireFox addon for Site Adviser: http://www.siteadvis...preinstall.html

A FireFox search performed via Google for AumHa, with the addon installed: http://www.google.co.uk/search?hl=en&q...earch&meta=

[eXaByTe]

Dakeyras, on Jul 19 2008, 06:51 PM, said:

http://www.aumha.org/

My compliments on your observation Dakeyras.




-eXaByTe

[JeanInMontana]

~BD~, on Jul 20 2008, 01:06 AM, said:

Hi Dakeyras ......... thanks for your insight!

The AumHa forums are to be found here:- http://aumha.net/

So ..... that covers 'org' and 'net'. What I'm after discovering is why using 'com' whisks one off to a place with a completely different 'feel' to it.

Has anyone here spent any time at any of the AumHa sites? Encountered anything unusal?

Your comments welcomed. TIA

Dave

PS (via Edit) If I type http://www.malwarebytes.org into my browser, I'm taken to the 'expected' site, saying

Welcome to Malwarebytes

Malwarebytes is a site dedicated to fighting malware. Malwarebytes has developed a variety of tools that can identify and remove malicious software from your computer. When your computer becomes infected, Malwarebytes can provide the needed assistance to remove the infection and restore the machine back to optimum performance.

If I type in http://www.malwarebytes.net or http://www.malwarebytes.com I'm taken to the same site as when using 'org'.

I cannot help wondering why this doesn't happen in the case of AumHa. I expect there is a simple explanation, but I find unexpected things interesting!

Perhaps someone here will know the answer!

Dave

Typing anything Malwarebytes brings you here because Marcin bought all domain extensions for that very reason. It keeps anyone from using the same well known name for malicious intent. I will see to it this site is added to SiteHound, and hpHosts.

[~BD~]

JeanInMontana, on Jul 21 2008, 09:37 PM, said:

Typing anything Malwarebytes brings you here because Marcin bought all domain extensions for that very reason. It keeps anyone from using the same well known name for malicious intent. I will see to it this site is added to SiteHound, and hpHosts.

I appreciate the replies received from everyone - thank you.

However ............

I still do not understand how/why I am directed to http://downloadprogr...biz/?rid=544620 when I type aumha.com into my browser!

It just doesn't feel right.

Any other comments, guys? TIA

Dave

[Dakeyras]

eXaByTe, on Jul 21 2008, 08:08 PM, said:

My compliments on your observation Dakeyras.




-eXaByTe

Thanks .

[JeanInMontana]

~BD~, on Jul 23 2008, 01:10 PM, said:

I appreciate the replies received from everyone - thank you.

However ............

I still do not understand how/why I am directed to http://downloadprogr...biz/?rid=544620 when I type aumha.com into my browser!

It just doesn't feel right.

Any other comments, guys? TIA

Dave

There is something wrong there. Possibly a hack in the Aumha site, or your infected.

[MysteryFCM]

It redirects because the owner of the domain wants it to do. It is NOT owned by the same (good) guys that own aumha.org

aumha.org (66.39.115.252)

Domain ID:D49193517-LROR 
Domain Name:AUMHA.ORG 
Created On:18-Dec-2000 21:09:25 UTC 
Last Updated On:16-Oct-2007 17:10:05 UTC 
Expiration Date:18-Dec-2009 21:09:25 UTC 
Sponsoring Registrar:pair Networks Inc. dba pairNIC (R103-LROR) 
Status:OK 
Registrant ID:JAE13832 
Registrant Name:James A. Eshelman 
Registrant Organization:Windows Support Center 
Registrant Street1:222 North Manhattan Place 
Registrant Street2: 
Registrant Street3: 
Registrant City:Los Angeles 
Registrant State/Province:CA 
Registrant Postal Code:90004 
Registrant Country:US

aumha.com (208.87.149.250 - 24 sites on this IP)

Registrant: 
Navigation Catalyst Systems, Inc 
2141 Rosecrans Ave. 
Suite 2020 
El Segundo, CA 90245 
Email: domainadmin@navigationcatalyst.com 
Phone: 3106471592 
Fax: 3106476001 

Domain Name: AUMHA.COM

http://vurl.mysteryf...ttp://aumha.com
http://hosts-file.ne...show=208.87.149.

[~BD~]

MysteryFCM, on Jul 24 2008, 06:22 PM, said:

It redirects because the owner of the domain wants it to do. It is NOT owned by the same (good) guys that own aumha.org

http://vurl.mysteryf...ttp://aumha.com
http://hosts-file.ne...show=208.87.149.

Hello Steven

That was very interesting information .......... but I've spent, literally, hours exploring, simply by following the links you posted!

I've looked here http://www.robtex.co.../aumha.com.html and note there are two duplicate ip numbers - which surely must be suspect?

I've also been intrigued to find that the usual address to get to the Aumha forums - http://aumha.net/ isn't the only way to go. I can also get there by going here - http://forum.aumha.org/ . This seems odd to me, but I expect you'll tell me that there is a simple reason which explains matters.

I've also visited this URL - http://www.robtex.co.../annex.com.html . I'd appreciate it if you'd have a quick read there and tell me if everything is as you might expect. There is no mention there of the sister operation http://www.Annexcafe.com which hosts 300+ newsgroups.

Thanks for any further guidance!

Dave

Edit: Spelling of Steven's name - sorry!

[MysteryFCM]

~BD~, on Jul 24 2008, 10:26 PM, said:

Hello Stephen

That was very interesting information .......... but I've spent, literally, hours exploring, simply by following the links you posted!

I've looked here http://www.robtex.co.../aumha.com.html and note there are two duplicate ip numbers - which surely must be suspect?

The first set of IP's is for the domain queried, the second (those in the 192. range), appears to be results for the entire com TLD name servers. Suspect indeed. However, 209.128.76.101 and 209.128.76.102 are the IP's for the aumha.com (NS) name servers.

~BD~, on Jul 24 2008, 10:26 PM, said:

I've also been intrigued to find that the usual address to get to the Aumha forums - http://aumha.net/ isn't the only way to go. I can also get there by going here - http://forum.aumha.org/ . This seems odd to me, but I expect you'll tell me that there is a simple reason which explains matters.

They also own .org

~BD~, on Jul 24 2008, 10:26 PM, said:

I've also visited this URL - http://www.robtex.co.../annex.com.html . I'd appreciate it if you'd have a quick read there and tell me if everything is as you might expect. There is no mention there of the sister operation http://www.Annexcafe.com which hosts 300+ newsgroups.

The only mention I can see of this, is at;

http://www.annex.com/annexcafe/

[~BD~]

Many thanks for looking, Steven.

Any thoughts about this? : http://www.robtex.co....annex.com.html

Dave

[MysteryFCM]

Though on the same IP as it's parent, it doesn't appear to have been used. Perhaps an internal hostname?

[~BD~]

MysteryFCM, on Jul 25 2008, 02:19 AM, said:

Though on the same IP as it's parent, it doesn't appear to have been used. Perhaps an internal hostname?

I really have no idea!

Why aren't you in bed?

[MysteryFCM]

Not tired