owlyn
Premium,MVM
join:2004-06-05
Newtown, PA

NIS 2009 Found This... What is it?

What is this attack? Looks like an FP to me, but I'm not really sure...

amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable

Re: NIS 2009 Found This... What is it?

Here is some info about that IP
»www.dshield.org/ipinfo.html?ip=58.65.234.9
Hostname: 58-65-234-9.myrdns.com

ISP in Hong Kong

I wouldn't call it a false positive unless you were unable to view a web page correctly that may have contained something from this IP.

NIS blocked it, so if you didn't notice a web page loading properly hosted in Hong Kong, I wouldn't worry. NIS did its job.
--
Proud Member of ASAP
DSLR Phishtracker

amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable

NIS states that wsxhost.net was the webpage you were visiting

WHO IS INFO
Result for wsxhost.net
--> /usr/local/bin/fwhois wsxhost.net@whois.internic.net
[whois.internic.net]

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered

Domain Name: WSXHOST.NET
Registrar: REGTIME LTD.
Whois Server: whois.regtime.net
Referral URL: »www.webnames.ru
Name Server: NS1.NAMESELF.COM
Name Server: NS2.NAMESELF.COM
Status: ok
Updated Date: 19-sep-2008
Creation Date: 19-sep-2008
Expiration Date: 19-sep-2009

The Registry database contains ONLY .COM, .NET, .EDU domains and
--> /usr/local/bin/fwhois wsxhost.net@whois.regtime.net
[www.regtime.net]
% RegTime.net WHOIS server

Domain name: wsxhost.net

Name servers:
ns1.nameself.com
ns2.nameself.com

Registrar: RegTime.net Limited
Creation date: 2008-09-19
Expiration date: 2009-09-19

Registrant:
Rey
Email: palfreycrossvw@gmail.com
Organization: Cross Co
Address: 228 WIECKING CTR
City: MANKATO
State: MN
ZIP: 56001
Country: US
Phone: +1.5073891822
Fax: +1.5073891822
Administrative Contact:
Rey
Email: palfreycrossvw@gmail.com
Organization: Cross Co
Address: 228 WIECKING CTR
City: MANKATO
State: MN
ZIP: 56001
Country: US
Phone: +1.5073891822
Fax: +1.5073891822
Technical Contact:
Rey
Email: palfreycrossvw@gmail.com
Organization: Cross Co
Address: 228 WIECKING CTR
City: MANKATO
State: MN
ZIP: 56001
Country: US
Phone: +1.5073891822
Fax: +1.5073891822
Billing Contact:
Rey
Email: palfreycrossvw@gmail.com
Organization: Cross Co
Address: 228 WIECKING CTR
City: MANKATO
State: MN
ZIP: 56001
Country: US
Phone: +1.5073891822
Fax: +1.5073891822

Domain name registered recently using IP name servers in Hong Kong for registrants in Minnesota through a Russian registrar service -- IMO I would thank NIS. Doesn't sound kosher.
--
Proud Member of ASAP
DSLR Phishtracker
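
The reasoning in the reply above (a recently registered domain whose registrant, registrar and hosting sit in different countries) can be turned into a repeatable triage check. This is an added example, not part of the thread: it parses an excerpt of the quoted WHOIS output, and the sighting date, the `HK` hosting-country argument, the 90-day threshold and the one-year-term check are assumptions made for illustration.

```python
from datetime import date, datetime

# Excerpt of the WHOIS text quoted in the post (contact details omitted).
WHOIS_TEXT = """\
Domain Name: WSXHOST.NET
Registrar: REGTIME LTD.
Referral URL: www.webnames.ru
Creation Date: 19-sep-2008
Expiration Date: 19-sep-2009
Registrant:
Country: US
"""

def parse_whois(text):
    """Collect 'Key: value' lines; repeated keys keep every value, in order."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def whois_date(value):
    """Accept both date styles in the quoted output: 19-sep-2008 and 2008-09-19."""
    for fmt in ("%d-%b-%Y", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).date()
        except ValueError:
            continue
    raise ValueError(f"unrecognised WHOIS date: {value!r}")

def triage(record, seen_on, hosting_country, young_days=90):
    """Return triage signals (heuristics for an analyst, not a verdict)."""
    created = whois_date(record["creation date"][0])
    expires = whois_date(record["expiration date"][0])
    signals = []
    age = (seen_on - created).days
    if 0 <= age <= young_days:
        signals.append(f"registered {age} days before sighting")
    if (expires - created).days <= 366:
        signals.append("minimum one-year registration term")
    # Jurisdictions involved: registrant country, registrar ccTLD, hosting country.
    tld = record["referral url"][0].rstrip("/").rsplit(".", 1)[-1].upper()
    places = {record["country"][0].upper(), hosting_country.upper()}
    if len(tld) == 2 and tld.isalpha():
        places.add(tld)
    if len(places) >= 3:
        signals.append("parties spread across " + "/".join(sorted(places)))
    return signals

if __name__ == "__main__":
    # seen_on is a constructed date; the thread does not give the alert date.
    for s in triage(parse_whois(WHOIS_TEXT), date(2008, 10, 20), "HK"):
        print(s)
```

None of these signals proves a domain is malicious on its own; they are reasons to trust a block rather than whitelist the site.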

owlyn
Premium,MVM
join:2004-06-05
Newtown, PA

Re: NIS 2009 Found This... What is it?

Thanks. I checked the whois on it before posting, but I still wasn't sure. I sure hope my Trend Micro software was protecting me prior to the NIS install...

Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX
·AT&T U-Verse

SnapShot Viewer ActiveX? That sure sounds like a social engineering ploy to get a trojan installed (such as Zlob).

I wouldn't call it a FP.
--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)

therube

join:2004-11-11
Randallstown, MD
Looks like this, Niranhadas.com.

owlyn
Premium,MVM
join:2004-06-05
Newtown, PA

Re: NIS 2009 Found This... What is it?

said by therube:

Looks like this, Niranhadas.com.

Okay, I visited the link, but I don't know what the information there means. It was obviously a code snippet, but I don't know what it does. Looks like it wants to cause a buffer overflow, and then install a (malware?) helper to Adobe Reader? Just a guess...