owlyn
Premium,MVM
join:2004-06-05
Newtown, PA
clubs:
| NIS 2009 Found This... What is it?
What is this attack? Looks like an FP to me, but I'm not really sure... |
|
amysheehan
Lakers Win
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
 ·RoadRunner Cable
| Here is some info about that IP
»www.dshield.org/ipinfo.html?ip=58.65.234.9
Hostname: 58-65-234-9.myrdns.com
ISP in HongKong
I wouldn't call it a false positive unless you were unable to view a web page correctly that may have contained something from this IP.
NIS blocked it so if you didn't notice a web page loading properly hosted in HongKong I wouldn't worry NIS did its job 
--
Proud Member of ASAP
DSLR Phishtracker |
|
amysheehan
Lakers Win
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable
| reply to owlyn
NIS states that wsxhost.net was the webpage you were visiting
WHO IS INFO
Result for wsxhost.net
--> /usr/local/bin/fwhois wsxhost.net@whois.internic.net
[whois.internic.net]
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
Domain Name: WSXHOST.NET
Registrar: REGTIME LTD.
Whois Server: whois.regtime.net
Referral URL: »www.webnames.ru
Name Server: NS1.NAMESELF.COM
Name Server: NS2.NAMESELF.COM
Status: ok
Updated Date: 19-sep-2008
Creation Date: 19-sep-2008
Expiration Date: 19-sep-2009
The Registry database contains ONLY .COM, .NET, .EDU domains and
--> /usr/local/bin/fwhois wsxhost.net@whois.regtime.net
[www.regtime.net]
% RegTime.net WHOIS server
Domain name: wsxhost.net
Name servers:
ns1.nameself.com
ns2.nameself.com
Registrar: RegTime.net Limited
Creation date: 2008-09-19
Expiration date: 2009-09-19
Registrant:
Rey
Email: palfreycrossvw@gmail.com
Organization: Cross Co
Address: 228 WIECKING CTR
City: MANKATO
State: MN
ZIP: 56001
Country: US
Phone: +1.5073891822
Fax: +1.5073891822
Administrative Contact:
Rey
Email: palfreycrossvw@gmail.com
Organization: Cross Co
Address: 228 WIECKING CTR
City: MANKATO
State: MN
ZIP: 56001
Country: US
Phone: +1.5073891822
Fax: +1.5073891822
Technical Contact:
Rey
Email: palfreycrossvw@gmail.com
Organization: Cross Co
Address: 228 WIECKING CTR
City: MANKATO
State: MN
ZIP: 56001
Country: US
Phone: +1.5073891822
Fax: +1.5073891822
Billing Contact:
Rey
Email: palfreycrossvw@gmail.com
Organization: Cross Co
Address: 228 WIECKING CTR
City: MANKATO
State: MN
ZIP: 56001
Country: US
Phone: +1.5073891822
Fax: +1.5073891822
Domain name registered recently using IP name servers in HongKong for registrants in Minnesota thru a Russian registrar service -- IMO I would thank NIS. Doesn't sound kosher
--
Proud Member of ASAP
DSLR Phishtracker |
|
Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX
 ·AT&T U-Verse
·RoadRunner Cable
 ·AT&T Yahoo
| reply to owlyn
SnapShot Viewer ActiveX? That sure sounds like a social engineering ploy to get a trojan installed (such as Zlob).
I wouldn't call it a FP.
--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)
|
|
owlyn
Premium,MVM
join:2004-06-05
Newtown, PA
clubs: | reply to amysheehan
Thanks. I checked the whois on it before posting, but I still wasn't sure. I sure hope my Trend Micro software was protecting me prior to the NIS install... |
|
therube
join:2004-11-11
Randallstown, MD | reply to owlyn
Looks like this, Niranhadas.com. |
|
owlyn
Premium,MVM
join:2004-06-05
Newtown, PA
clubs:
| Okay, I visited the link, but I don't know what the information ther means. It was obviously a code snippet, but iu don't know what it does. Looks like it wants to cause a buffer overflow, and then install a (malware?)helper to Adobe reader? Just a guess... |
|
