thesource.ofallevil.com ?

  • Thread starter Thread starter JanJ
  • Start date Start date
Previous conversations about this:

http://groups.google.com/groups/search?ie=...rosoft.public.*

[NB: above link not clickable for intended results copy the link, including
the ending period and asterisk, and paste into Address Bar.]
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

JanJ wrote:
> What's this? A phishing site?
>
> http://thesource.ofallevil.com/communities....vista.security
>
> It has Live-ID log-in, but the dns name and IP-addy aren't Redmond's, but
> Theplanet.com, a web host in Houston. The Live-ID log-in button takes you
> to
> live.com, but the log-in doesn't work.
>
> Or is it just a geeky joke, hence the site name?
>
> JJ
 
"PA Bear [MS MVP]" wrote:

> Previous conversations about this:
>
>
>http://groups.google.com/groups/search?ie=...rosoft.public.*
>

Thanx PA Bear. I read the threads, but there is one question I can't find an
answer to. This site has a Live-ID sign-in button. Clicking it sends you
straight to login.live.com, which is a legit MS site. Still I wonder, can
thesource.ofallevil.com intercept a Live-ID and password when you enter this
info at live.com, having been referred from the non-MS site first? Not that
I'm willing to try...

I find it strange that login.live.com appears to be down when I'm referred
from there, but it's not when I click a sign-in button at Microsoft.com.

Also, does anybody know who is actually operating thesource.ofallevil.com?

JJ
 
http://spiresecurity.typepad.com/spire_sec...s_thesourc.html

Drop thesource.ofallevil.com in Google and you will see several more
hits.

--
All the best,
SG

Is your computer system ready for Vista?
https://winqual.microsoft.com/hcl/

"JanJ" wrote in message
news:B4A70EEC-032B-4184-9D8D-30CA4113AF26@microsoft.com...
>
> "PA Bear [MS MVP]" wrote:
>
>> Previous conversations about this:
>>
>>
>>http://groups.google.com/groups/search?ie=...rosoft.public.*
>>
>
> Thanx PA Bear. I read the threads, but there is one question I can't find
> an
> answer to. This site has a Live-ID sign-in button. Clicking it sends you
> straight to login.live.com, which is a legit MS site. Still I wonder, can
> thesource.ofallevil.com intercept a Live-ID and password when you enter
> this
> info at live.com, having been referred from the non-MS site first? Not
> that
> I'm willing to try...
>
> I find it strange that login.live.com appears to be down when I'm referred
> from there, but it's not when I click a sign-in button at Microsoft.com.
>
> Also, does anybody know who is actually operating thesource.ofallevil.com?
>
> JJ
>
 
JanJ674545 Wrote:
> What's this? A phishing site?
>
> 'Discussions in Windows Vista Security'
> (http://thesource.ofallevil.com/communities....vista.security)
>
> It has Live-ID log-in, but the dns name and IP-addy aren't Redmond's,
> but
> Theplanet.com, a web host in Houston. The Live-ID log-in button takes
> you to
> live.com, but the log-in doesn't work.
>
> Or is it just a geeky joke, hence the site name?
>
> JJ

I looked at it and the google references. It looks like a joke being
played on Microsoft.


--
.Joe

_[image:
http://uswave.net/vistax64/joetmvx64.png] (\"http://www.vistax64.com\")_
_*::Click_here_for_the_Vista_Forums::* (\"http://www.vistax64.com/index.php?referrerid=17621\")_
_Geekbench_Score:_4050 (\"http://browse.geekbench.ca/geekbench2/view/42901\")_
_CPU-Z_Verified (\"http://valid.x86-secret.com/show_oc.php?id=323179\")_
_**_
 
JanJ wrote:
> "PA Bear [MS MVP]" wrote:
>> Previous conversations about this:
>>
>> http://groups.google.com/groups/search?ie=...rosoft.public.*
>>
> Thanx PA Bear. I read the threads, but there is one question I can't find
> an
> answer to. This site has a Live-ID sign-in button. Clicking it sends you
> straight to login.live.com, which is a legit MS site. Still I wonder, can
> thesource.ofallevil.com intercept a Live-ID and password when you enter
> this
> info at live.com, having been referred from the non-MS site first? Not
> that
> I'm willing to try...
>
> I find it strange that login.live.com appears to be down when I'm referred
> from there, but it's not when I click a sign-in button at Microsoft.com.
>
> Also, does anybody know who is actually operating thesource.ofallevil.com?

All I can tell you is the MS is aware of it. Given their reluctance to say
anything else publicly and the fact that the link still takes you to a real
MS page, one might assume MS (now) owns the domain.
 
"PA Bear [MS MVP]" wrote:

> All I can tell you is the MS is aware of it. Given their reluctance to say
> anything else publicly and the fact that the link still takes you to a real
> MS page, one might assume MS (now) owns the domain.

A cheap SEO trick, then. Who'd guess... Thanx for replying. Anyway, think
I'm gonna watch carefully for what "Microsoft" sites show up in web searches
from now on.

JJ
 
JanJ wrote:
> "PA Bear [MS MVP]" wrote:
>> All I can tell you is the MS is aware of it. Given their reluctance to
>> say
>> anything else publicly and the fact that the link still takes you to a
>> real
>> MS page, one might assume MS (now) owns the domain.
>
> A cheap SEO trick, then. Who'd guess... Thanx for replying. Anyway, think
> I'm gonna watch carefully for what "Microsoft" sites show up in web
> searches
> from now on.

You may find Site Advisor (free) helpful for that!
http://www.siteadvisor.com/
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
 
"PA Bear [MS MVP]" wrote in message
news:u#YH7TZmIHA.5684@TK2MSFTNGP03.phx.gbl...
> JanJ wrote:
>> "PA Bear [MS MVP]" wrote:
>>> All I can tell you is the MS is aware of it. Given their reluctance to
>>> say
>>> anything else publicly and the fact that the link still takes you to a
>>> real
>>> MS page, one might assume MS (now) owns the domain.
>>
>> A cheap SEO trick, then. Who'd guess... Thanx for replying. Anyway, think
>> I'm gonna watch carefully for what "Microsoft" sites show up in web
>> searches
>> from now on.
>
> You may find Site Advisor (free) helpful for that!
> http://www.siteadvisor.com/
> --
> ~Robear Dyer (PA Bear)
> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> AumHa VSOP & Admin http://aumha.net
> DTS-L http://dts-l.net/

Mr. Dyer,

Is Site Advisor compatible with Vista? Have you seen any posts stating
that Site Advisor has caused any problems?
Thank you for any assistance provided.

C.B.


--
It is the responsibility and duty of everyone to help the underprivileged
and unfortunate among us.
 
"C.B." wrote:

> >
> > You may find Site Advisor (free) helpful for that!
> > http://www.siteadvisor.com/
> > --
> > ~Robear Dyer (PA Bear)
> > MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> > AumHa VSOP & Admin http://aumha.net
> > DTS-L http://dts-l.net/
>
> Mr. Dyer,
>
> Is Site Advisor compatible with Vista? Have you seen any posts stating
> that Site Advisor has caused any problems?
> Thank you for any assistance provided.
>
> C.B.

I took PA Bear's advice and installed SiteAdvisor on my XP-Vista dual boot
machine. Works just fine on both systems, although it slows down the loading
of IE a bit, but I think it's worth it.

JJ
 
"JanJ" wrote in message
news:44B771B7-27CB-4791-BF30-FA6E0C13DCF5@microsoft.com...
>
> "C.B." wrote:
>
>> >
>> > You may find Site Advisor (free) helpful for that!
>> > http://www.siteadvisor.com/
>> > --
>> > ~Robear Dyer (PA Bear)
>> > MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>> > AumHa VSOP & Admin http://aumha.net
>> > DTS-L http://dts-l.net/
>>
>> Mr. Dyer,
>>
>> Is Site Advisor compatible with Vista? Have you seen any posts
>> stating
>> that Site Advisor has caused any problems?
>> Thank you for any assistance provided.
>>
>> C.B.
>
> I took PA Bear's advice and installed SiteAdvisor on my XP-Vista dual boot
> machine. Works just fine on both systems, although it slows down the
> loading
> of IE a bit, but I think it's worth it.
>
> JJ


JJ,

Thank you for the reply. I appreciate the information. I'm not
concerned about the load time of IE or the speed at which I can access a
webpage.
I'm more concerned with security, even though it is a rare occasion for
me to get any type of spyware or adware on this system. I haven't had any
true malware during the past three years.
As you are already aware, the amount of infections you get on your
system is directly related to your computing habits.
Again, thank you for the reply.

C.B.


--
It is the responsibility and duty of everyone to help the underprivileged
and unfortunate among us.
 
JJ,

Little more research on this and appears MS does own it.

Order 1
IP Address 207.46.19.254
Status Succeed
Country USA - Washington
Network Name MICROSOFT-GLOBAL-NET
Owner Name Microsoft Corp
From IP 207.46.0.0
To IP 207.46.255.255
Allocated Yes
Contact Name Microsoft Corp
Address One Microsoft Way
Redmond

Email iprrms@microsoft.com
Abuse Email abuse@msn.com
Phone +1-425-882-8080
Fax
Whois Source ARIN
Host Name thesource.ofallevil.com
Resolved Name wwwbaytest2.microsoft.com


--
All the best,
SG

Is your computer system ready for Vista?
https://winqual.microsoft.com/hcl/

"JanJ" wrote in message
news:889D6386-51E3-49D8-B5B0-46723B60BDBB@microsoft.com...
>
>
> "SG" wrote:
>
>> http://spiresecurity.typepad.com/spire_sec...s_thesourc.html
>
>
> Appreciate it, SG.
>
> JJ
 
"SG" wrote:

> Little more research on this and appears MS does own it.
>
> Order 1
> IP Address 207.46.19.254
> Status Succeed
> Country USA - Washington
> Network Name MICROSOFT-GLOBAL-NET
> Owner Name Microsoft Corp

Seems MS owns the subdomain, it's strange they don't just redirect it to
microsoft.com. I just whois'ed for ofallevil.com the first time, when this TX
ISP showed up.

Anyway, you found the answer to my question, SG. This isn't a phishing site.

Thanx,

JJ
 
It isn't ours.

Several years ago someone registered the ofallevil.com domain, then setup a
DNS server with a "thesource" CNAME that points thesource.ofallevil.com to
www.microsoft.com.

Although it's pretty juvenile behavior, it isn't illegal, and there's really
nothing we can do about it. Periodically the owner of this domain moves it
from one registrar to another. Here's where it sits now:
http://samspade.org/whois?query=ofallevil.comserver=auto

--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com



"SG" wrote in message
news:Ok#g3qgoIHA.4928@TK2MSFTNGP04.phx.gbl...
> JJ,
>
> Little more research on this and appears MS does own it.
>
> Order 1
> IP Address 207.46.19.254
> Status Succeed
> Country USA - Washington
> Network Name MICROSOFT-GLOBAL-NET
> Owner Name Microsoft Corp
> From IP 207.46.0.0
> To IP 207.46.255.255
> Allocated Yes
> Contact Name Microsoft Corp
> Address One Microsoft Way
> Redmond
>
> Email iprrms@microsoft.com
> Abuse Email abuse@msn.com
> Phone +1-425-882-8080
> Fax
> Whois Source ARIN
> Host Name thesource.ofallevil.com
> Resolved Name wwwbaytest2.microsoft.com
>
>
> --
> All the best,
> SG
>
> Is your computer system ready for Vista?
> https://winqual.microsoft.com/hcl/
>
> "JanJ" wrote in message
> news:889D6386-51E3-49D8-B5B0-46723B60BDBB@microsoft.com...
>>
>>
>> "SG" wrote:
>>
>>> http://spiresecurity.typepad.com/spire_sec...s_thesourc.html
>>
>>
>> Appreciate it, SG.
>>
>> JJ
>
 
Hi Steve,

Thanks for clearing this up. One question if you don't mind. What gain do
these people have by doing this?

--
All the best,
SG

Is your computer system ready for Vista?
https://winqual.microsoft.com/hcl/

"Steve Riley [MSFT]" wrote in message
news:96B8DFFD-01A0-4391-B45A-3370D1EB1F9C@microsoft.com...
> It isn't ours.
>
> Several years ago someone registered the ofallevil.com domain, then setup
> a DNS server with a "thesource" CNAME that points thesource.ofallevil.com
> to www.microsoft.com.
>
> Although it's pretty juvenile behavior, it isn't illegal, and there's
> really nothing we can do about it. Periodically the owner of this domain
> moves it from one registrar to another. Here's where it sits now:
> http://samspade.org/whois?query=ofallevil.comserver=auto
>
> --
> Steve Riley
> steve.riley@microsoft.com
> http://blogs.technet.com/steriley
> http://www.protectyourwindowsnetwork.com
>
>
>
> "SG" wrote in message
> news:Ok#g3qgoIHA.4928@TK2MSFTNGP04.phx.gbl...
>> JJ,
>>
>> Little more research on this and appears MS does own it.
>>
>> Order 1
>> IP Address 207.46.19.254
>> Status Succeed
>> Country USA - Washington
>> Network Name MICROSOFT-GLOBAL-NET
>> Owner Name Microsoft Corp
>> From IP 207.46.0.0
>> To IP 207.46.255.255
>> Allocated Yes
>> Contact Name Microsoft Corp
>> Address One Microsoft Way
>> Redmond
>>
>> Email iprrms@microsoft.com
>> Abuse Email abuse@msn.com
>> Phone +1-425-882-8080
>> Fax
>> Whois Source ARIN
>> Host Name thesource.ofallevil.com
>> Resolved Name wwwbaytest2.microsoft.com
>>
>>
>> --
>> All the best,
>> SG
>>
>> Is your computer system ready for Vista?
>> https://winqual.microsoft.com/hcl/
>>
>> "JanJ" wrote in message
>> news:889D6386-51E3-49D8-B5B0-46723B60BDBB@microsoft.com...
>>>
>>>
>>> "SG" wrote:
>>>
>>>> http://spiresecurity.typepad.com/spire_sec...s_thesourc.html
>>>
>>>
>>> Appreciate it, SG.
>>>
>>> JJ
>>
 
I have absolutely no clue whatsoever. And it probably isn't free, I suspect
they have to pay for the registration.

But hey, anything that drives more traffic to our site can't be all that
bad!
smile.gif


--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com



"SG" wrote in message
news:eK3iEgBpIHA.2292@TK2MSFTNGP03.phx.gbl...
> Hi Steve,
>
> Thanks for clearing this up. One question if you don't mind. What gain do
> these people have by doing this?
>
> --
> All the best,
> SG
>
> Is your computer system ready for Vista?
> https://winqual.microsoft.com/hcl/
>
> "Steve Riley [MSFT]" wrote in message
> news:96B8DFFD-01A0-4391-B45A-3370D1EB1F9C@microsoft.com...
>> It isn't ours.
>>
>> Several years ago someone registered the ofallevil.com domain, then setup
>> a DNS server with a "thesource" CNAME that points thesource.ofallevil.com
>> to www.microsoft.com.
>>
>> Although it's pretty juvenile behavior, it isn't illegal, and there's
>> really nothing we can do about it. Periodically the owner of this domain
>> moves it from one registrar to another. Here's where it sits now:
>> http://samspade.org/whois?query=ofallevil.comserver=auto
>>
>> --
>> Steve Riley
>> steve.riley@microsoft.com
>> http://blogs.technet.com/steriley
>> http://www.protectyourwindowsnetwork.com
>>
>>
>>
>> "SG" wrote in message
>> news:Ok#g3qgoIHA.4928@TK2MSFTNGP04.phx.gbl...
>>> JJ,
>>>
>>> Little more research on this and appears MS does own it.
>>>
>>> Order 1
>>> IP Address 207.46.19.254
>>> Status Succeed
>>> Country USA - Washington
>>> Network Name MICROSOFT-GLOBAL-NET
>>> Owner Name Microsoft Corp
>>> From IP 207.46.0.0
>>> To IP 207.46.255.255
>>> Allocated Yes
>>> Contact Name Microsoft Corp
>>> Address One Microsoft Way
>>> Redmond
>>>
>>> Email iprrms@microsoft.com
>>> Abuse Email abuse@msn.com
>>> Phone +1-425-882-8080
>>> Fax
>>> Whois Source ARIN
>>> Host Name thesource.ofallevil.com
>>> Resolved Name wwwbaytest2.microsoft.com
>>>
>>>
>>> --
>>> All the best,
>>> SG
>>>
>>> Is your computer system ready for Vista?
>>> https://winqual.microsoft.com/hcl/
>>>
>>> "JanJ" wrote in message
>>> news:889D6386-51E3-49D8-B5B0-46723B60BDBB@microsoft.com...
>>>>
>>>>
>>>> "SG" wrote:
>>>>
>>>>> http://spiresecurity.typepad.com/spire_sec...s_thesourc.html
>>>>
>>>>
>>>> Appreciate it, SG.
>>>>
>>>> JJ
>>>
>
 
Back
Top