Category Archives: Domain Names

What is nwolb.com ? [RESOLVED]

The domain nwolb.com is owned by Natwest Bank and was first registered in 1999.

It is used when you click to login to online banking.

Personally, as someone who is not a Natwest customer, the domain nwolb.com looks fake to me, and I had to double-check it was genuine when writing this post. You Google Natwest and you get natwest.com, then when you go to log in you get directed to this.

If you look up this domain name with online WHOIS tools, you will notice that it does not show as being owned by Natwest but comes back as CSC Corporate Domains, Inc. This can cause a lot of people to think the domain is not genuine.

We have reported in the past (details here) about spam e-mails that appear to come from this domain, but the e-mails are actually fake and use spoofed addresses.

As you can see from the image below, when you are on natwest.com there is a link to “Log in to Online Banking”, and it is this link that takes you to nwolb.com.




Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.

What Is msftconnecttest.com ?

You have found this web page because you want to know what the domain msftconnecttest.com is and who owns it.

We can confirm this URL is used by Microsoft Windows 10 and above to test if you have a working internet connection.

Windows has an internal component for detecting network connectivity changes called the “Network Connectivity Status Indicator” (known as NCSI). Among other tasks, this component performs background tests to determine whether the machine has Internet connectivity and engages its sibling component, Network Location Awareness (NLA), to identify whether the machine is on a domain or a public network so that the proper firewall profile can be applied.

There are two URLs associated with connectivity checks: msftconnecttest.com and msftncsi.com.




What Is msftncsi.com ?

You have found this web page because you want to know what the domain msftncsi.com is and who owns it.

We can confirm this URL is used by Windows 8.1 and earlier to test if you have a working internet connection.

Windows has an internal component for detecting network connectivity changes called the “Network Connectivity Status Indicator” (known as NCSI). Among other tasks, this component performs background tests to determine whether the machine has Internet connectivity and engages its sibling component, Network Location Awareness (NLA), to identify whether the machine is on a domain or a public network so that the proper firewall profile can be applied.

There are two URLs associated with connectivity checks: msftconnecttest.com and msftncsi.com.





What Is sophosxl.net

The domain *.sophosxl.net is the Sophos eXtensible List domain and is used by the Web Proxy and Antivirus for security and categorization lookups using HTTP and DNS queries on Sophos products.

SXL uses ports 80 and 53





What is cse.google.com

The web address cse.google.com is a legitimate part of Google search, known as “Custom Search”. However, there are plenty of browser hijackers who abuse this feature to generate revenue from Google.

Example of cse.google.com search results

This type of browser hijacker is often bundled with other free software that you download from the Internet. Some free downloads do not adequately disclose that other software will also be installed, and you may find that you have installed adware without your knowledge.

With Google Custom Search, the person who created the custom search engine has the option to set it to search the entire web, similar to a normal search on Google.com, and they can earn money from ads.



 


What is ijinshan.com

The domain ijinshan.com appears to be related to malware; we have seen this and detected it a number of times now.

The domain is hosted in China, and we have seen quite a lot of phones with malware that trace back to this host.

Known Applications

The following applications are known to host the malware associated with this domain (to be updated):

KBatteryDoctor

Battery_Doctor_(Battery_Saver)

Known Subdomains

did.ijinshan.com  – Confirmed Win32.Trojan.Jadtre
d.union.ijinshan.com – Confirmed Troj/Small-EUU (Details from Sophos here)





What is gstatic.com

There is a lot of talk on the forums and online in general about what gstatic.com is and who owns it. I have seen many posts online where people say this domain is hosting malware/viruses/spyware. I hope to clear a few things up in this post regarding this domain.

There are a lot of fake websites that say this domain hosts viruses and give details on how to remove them; please ignore those sites, they are fake.

To start with, this domain is owned and operated by Google – Domain data lookup here.

Google uses this domain to offload static content (JavaScript code, images and CSS) to a different domain name in an effort to reduce bandwidth usage and increase network performance for the end user.

gstatic.com is a cookieless domain to deliver static content for Google.  One benefit of hosting static components on a cookie-free domain is that some proxies might refuse to cache the components that are requested with cookies.

Content loaded from ssl.gstatic.com and www.gstatic.com does not use client-side tracking methods.

Known subdomains

fonts.gstatic.com
maps.gstatic.com
csi.gstatic.com
metric.gstatic.com





What is llnwd.net

llnwd.net is a domain used by customers of the Limelight Networks content distribution network (CDN), which hosts content such as downloads and streaming media for companies like EA Games, BBC and Microsoft.

You will probably notice a lot of internet traffic going to this domain; that is because it hosts streaming content etc. So, for example, if you visit bbc.co.uk and listen to the radio online for 1 hour, you will only get say 5MB of traffic to bbc.co.uk but 50MB of traffic to the llnwd.net domain.

WhoIs information for this domain can be found here.

Example BBC URL you might see in any proxy or firewall logs :-

https://vs-hds-uk-live.bbcfmt.hs.llnwd.net/

The official direct website for Limelight Networks is https://www.limelight.com/

This website is safe and contains no malicious content – for an updated check on this site click here





What Is gvt3.com

There is a lot of talk on the forums and online in general about what gvt3.com is and who owns it. I have seen many posts online where people say this domain is hosting malware/viruses/spyware. I hope to clear a few things up in this post regarding this domain.

Who owns this domain name?

This domain is owned by Google – Full lookup details here

What is this domain used for ?

Google services – To be confirmed …

Subdomains

We have identified the following subdomains associated with this site:

beacons5.gvt3.com

Does this domain host malware/viruses/spyware ?

As far as I can tell, no. It is owned by Google. I have seen this domain in our customers' proxy logs and we have checked it ourselves and can see no evidence that it is linked to anything other than Google services.

If you are looking for information on gvt1.com then click here; if you are looking for information on gvt2.com, click here.





What is gvt2.com

There is a lot of talk on the forums and online in general about what gvt2.com is and who owns it. I have seen many posts online where people say this domain is hosting malware/viruses/spyware. I hope to clear a few things up in this post regarding this domain.

Who owns this domain name?

This domain is owned by Google – Full lookup details here

What is this domain used for ?

Google services – To be confirmed …

Subdomains

We have identified the following subdomains associated with this site:

beacons.gcp.gvt2.com
beacons.gvt2.com
beacons2.gvt2.com
beacons3.gvt2.com
beacons4.gvt2.com
beacons5.gvt2.com

Does this domain host malware/viruses/spyware ?

As far as I can tell, no. It is owned by Google. I have seen this domain in our customers' proxy logs and we have checked it ourselves and can see no evidence that it is linked to anything other than Google services.

If you are looking for information on gvt1.com then click here; if you are looking for information on gvt3.com, click here.




