Is Zemana Spoofing Their IP Address?

Discussion in 'other anti-malware software' started by itman, Feb 19, 2013.

Thread Status:
Not open for further replies.
  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Lately when I connect to the Zemana web site, I am seeing useragents.ie as a destination address.

    Anyone know what this is about?
     
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Weird because,

    WhoIS = useragents.ie = 168.62.20.37

    Curious it was only created on 16-January-2013!

    It "seems" unlikely it was Zemana? But keep us posted :thumb:
     
  3. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    It's not a matter of spoofing, or a sign of any other type of issue. It's simply a matter of how the Zemana website is hosted...

    When you do a DNS lookup for the Zemana site, you get this:

    Code:
    # host zemana.com
    zemana.com has address 168.62.20.37

    When you do a reverse DNS lookup on the IP address, you get this:

    Code:
    # ipcalc -h 168.62.20.37
    HOSTNAME=useragents.ie

    While there are other possible explanations, the most common reason for this is that the IP address in question hosts multiple websites, not just the one you are attempting to reach.

    A quick search shows that these other domain names are also hosted on "168.62.20.37"

    Code:
    # host minemymail.com
    minemymail.com has address 168.62.20.37
    # host portlandweddinggroup.net
    portlandweddinggroup.net has address 168.62.20.37
    # host wolcottgroup.com
    wolcottgroup.com has address 168.62.20.37

    I have a website like this myself. I have a small private forum used for emergency communications with some others. It is hosted at 1and1.com on a shared server with perhaps hundreds of other websites. The DNS lookup from my domain name points to an IP address that is not dedicated only to me but is shared across those hundreds of websites. Since the IP address can only reverse to a single name, 1and1 used an internal name like: s########.1and1.info or some such. However, all of those hundreds of websites are unique and have separate content, even though they are hosted at a single IP address.

    In any case, this is most likely a matter of shared hosting resources. It could be a deal to get localized content distributed regionally around the world. It could be that Zemana just subscribed to this new hosting agreement for whatever other reason - money, availability, load balancing, etc.
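
The forward/reverse comparison described in the post above, as an added example that is not part of the original thread: it groups names by address and checks that the PTR name resolves back to the same IP (forward-confirmed reverse DNS). The sample records are constructed from the lookups quoted in the thread; `classify`, the verdict labels and the `live_*` helpers are names chosen for this example.

```python
import socket
from collections import defaultdict

# Constructed records mirroring the lookups quoted in the thread (not live DNS).
SAMPLE_A = {name: "168.62.20.37" for name in (
    "zemana.com", "useragents.ie", "minemymail.com",
    "portlandweddinggroup.net", "wolcottgroup.com")}
SAMPLE_PTR = {"168.62.20.37": "useragents.ie"}

def live_forward(name):
    """A-record lookup via the system resolver (needs network)."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def live_reverse(ip):
    """PTR lookup via the system resolver; None when there is no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0].lower().rstrip(".")
    except OSError:
        return None

def classify(names, forward=SAMPLE_A.get, reverse=SAMPLE_PTR.get):
    """Return {name: (ip, ptr, verdict)} explaining each PTR result."""
    by_ip = defaultdict(list)
    for name in names:
        ip = forward(name)
        if ip:
            by_ip[ip].append(name)
    report = {}
    for ip, tenants in by_ip.items():
        ptr = reverse(ip)
        # Forward-confirmed reverse DNS: the PTR name must resolve back to ip.
        confirmed = ptr is not None and forward(ptr) == ip
        for name in tenants:
            if ptr == name:
                verdict = "ptr-matches"
            elif confirmed and len(tenants) > 1:
                verdict = "shared-ip"            # one PTR, several sites
            elif confirmed:
                verdict = "ptr-differs-confirmed"
            else:
                verdict = "ptr-unconfirmed"      # PTR missing or not corroborated
            report[name] = (ip, ptr, verdict)
    return report

if __name__ == "__main__":
    for name, row in classify(list(SAMPLE_A)).items():
        print(name, *row)
```

To run it against live DNS, call `classify(names, forward=live_forward, reverse=live_reverse)`; note that `socket.gethostbyname` returns only one IPv4 address per name, so hosts with several A records need a fuller resolver.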
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Thanks for that great explanation on useragents.ie. It was driving me buggy since I could only find obscure info on the web about it.
     