Stunning Findings - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 20 of 20

Thread: Stunning Findings

  1. #11
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    http://%6f%64%7a%71%74%74%2e%74%2e%6...?%61%69%64=420

    does decode to http://odzqtt.t.muxa.cc/s.php

    which resolves to 81.211.105.37

    which belongs to:

    inetnum: 81.211.105.0 - 81.211.105.255
    netname: SOVINTEL-ICSTM2
    descr: ICS TM, JSC
    descr: 70 Bolshoy pr. V.O.
    descr: 199002 St.-Petersburg
    country: RU

    using wget to avoid any kind of infection i downloaded the page (attached)

    it appears to be a cool web search web page judging by the links:

    <a href="http://coolpage.cc/cprv.php?aid=100038&ww=gambling">Gambling</a><br>
    <a href="http://coolpage.cc/cprv.php?aid=100038&ww=casino">Casino</a><br>
    <a href="http://coolpage.cc/cprv.php?aid=100038&ww=games">Games</a><br>
    <a href="http://coolpage.cc/cprv.php?aid=100038&ww=movies">Movies</a><br>
    <a href="http://coolpage.cc/cprv.php?aid=100038&ww=music">Music</a><br>
    <a href="http://coolpage.cc/cprv.php?aid=100038&ww=sports">Sports</a><br>
    <a href="http://coolpage.cc/cprv.php?aid=100038&ww=travel">Travel</a><br>

    href="http://coolpage.cc/cprv.php?aid=100038&ww=betting">Betting</a><br>
    <a
    href="http://coolpage.cc/cprv.php?aid=100038&ww=blackjack">Blackjack</a><br>
    <a
    href="http://coolpage.cc/cprv.php?aid=100038&ww=casinos">Casinos</a><br>
    <a
    href="http://coolpage.cc/cprv.php?aid=100038&ww=gambling">Gambling</a><br>
    <a
    href="http://coolpage.cc/cprv.php?aid=100038&ww=horse+racing">Horse Racing</a><br>
    <a
    href="http://coolpage.cc/cprv.php?aid=100038&ww=poker">Poker</a>

    <a href="http://coolpage.cc/cprv.php?aid=100038&ww=baseball">Baseball</a><br>
    <a href="http://coolpage.cc/cprv.php?aid=100038&ww=basketball">Basketball</a><br>
    <a href="http://coolpage.cc/cprv.php?aid=100038&ww=fishing">Fishing</a><br>
    <a href="http://coolpage.cc/cprv.php?aid=100038&ww=football">Football</a><br>
    <a href="http://coolpage.cc/cprv.php?aid=100038&ww=skiing">Skiing</a><br>
    <a href="http://coolpage.cc/cprv.php?aid=100038&ww=soccer">Soccer</a>
    etc., etc.

    =+=+=+=+=+=+=+=+=+=+=
    side note

    if you omit the "/s.php" from the url odzqtt.t.muxa.cc/s.php you get re-directed to:

    http://ww9.linklist.cc/index.php?aid=20037

    another attempt to hide no doubt

    =+=+=+=+=+=+=+=+=+=+=


    there's also a ref. or two to msn search. i think microSoft might be interested in hearing about this especially with the phony dns record which points to the MS domain for the non-existant muxa.cc and the use of their "terms" page (below)

    <div id=$Ci>
    <span style='text-align:right;font-family:arial;font-size:7pt'><span title="Legal information for this site"><a href='http://go.msn.com/npl/terms.asp' target='_main'><!--Terms of Use--></a></span></span>
    </div>


    if(l!=""){
    document.location="http://search.msn.com/results.asp?RS=CHECKED&Dom=en&un=doc&v=1&q="+l;
    }else


    so after all this....yup! looks like you been hi-jacked and their trying to hide their operation behind MicroSoft
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  2. #12
    Banned
    Join Date
    Feb 2004
    Posts
    53
    can you let me know how you where able to download the sorce from the page???

    just curious.. i think i have a good idea but i just want ot know for sure

  3. #13
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    a command line utility called wget. it's contained in unixutils which are windows versions (ports) of unix tools.

    http://unxutils.sourceforge.net/UnxUtils.zip


    you just do:

    wget http://odzqtt.t.muxa.cc/s.php

    from the command prompt. it can do much more than this. read the documentation. its a really great tool.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  4. #14
    Member
    Join Date
    May 2003
    Location
    Somewhere in Texas
    Posts
    76
    Gosh, Microsoft downloading spyware? Whooda Thunk!

  5. #15
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    considering the registrar that put through this request my guess is the Ip is hijacked and the registry info is faked...MSN has nothing to do with this beyond haveing too many unused ips that some one was able to grab.
    Who is more trustworthy then all of the gurus or Buddha’s?

  6. #16
    Banned
    Join Date
    Feb 2004
    Posts
    53
    agreed....

    here is the responce from MSN.com

    This is an auto-generated response designed to let you know that we have received your report, which will be investigated personally by one of our Support Representatives within 24 hours. Your report is important to us and we will treat it accordingly. You will receive no further contact from MSN about this report, unless we need further information to complete our investigation, or extenuating circumstances apply.

    MSN does not provide telephone support for abuse related issues. All abuse issues must be reported to, and are addressed via email, at abuse@msn.com.

    Unsolicited e-mail (or spam) is an issue challenging all ISPs and web-based e-mail services. We want you to know that MSN does not sell its membership lists, or give permission to anyone who wishes to send unsolicited e-mails. MSN does not monitor or review e-mail messages that are sent to MSN customers, but we do provide filtering systems which can be used by account holders to help them control the messages delivered to their Inbox.

    Please note that we can only take action against MSN users' accounts (those which have e-mail address that ends with “@MSN.com”), and not those from any other domain. If the source of abuse in your report does not originate from an MSN account, we will be unable to assist you, and recommend that you send your report directly to the abuse department of the originating domain or service provider. You can learn how to determine where an e-mail message originated from at: http://support.msn.com/solutionartic...ncom&aid=7788.

    To report e-mail abuse originating from a Hotmail account, please contact: abuse@hotmail.com.

    When sending a report to any abuse department, please include the full, unedited content and original e-mail headers of the message, as well as a brief description of the issue. If the full, unedited content and original e-mail headers are not provided, the report cannot be investigated. For assistance on how to locate the headers, please go to http://support.msn.com/solutionartic...ncom&aid=7788. Please send this information only one time, as sending multiple reports about the same user will hamper the ability to deal with the situation in an effective and timely manner.

    It’s common for unsolicited e-mail to contain a forged address on the “From:" line. This means that, while an unsolicited e-mail may appear to have been sent from an MSN account, it can just as easily have been sent from another domain. The only way to determine the original source is by investigating the e-mail header. Detailed instructions on how to do this are provided via the link above. If the message did originate from an MSN account, we will take immediate and appropriate action.

    If it looks like a message was sent to you from your MSN account, the spammer has likely used software which allows your email alias to be placed into the "From" field, the same MSN ID as in the "To" field. This would not necessarily indicate the spammer has access to your MSN account, personal information, or communications.

    To learn how to report non e-mail abuse issues, please visit: http://support.msn.com/solutionartic...ncom&aid=7786.

    If you suspect a crime is being committed, you should report it directly to your local police authorities. MSN can only require its users to conform to its Terms of Use and Subscription Agreement. MSN reports all cases of suspected child pornography to the proper authorities.


    Please do not respond to this e-mail, as any messages sent to this address by using the “Reply” button will not receive a response. We appreciate your understanding that due to our privacy policy, we will not report back to you about any action taken against MSN users. However, we want to assure you that we will take appropriate action against MSN users who have violated the MSN Terms of Use or the MSNIA Subscription Agreement.

    To learn how to help keep kids safe online go to A Parent’s Guide to Online Safety at http://onlinesafetyguide.msn.com

    To learn more about MSN Mail and Junk Mail Filters please visit: http://support.msn.com

  7. #17
    Banned
    Join Date
    Feb 2004
    Posts
    53
    well so far MSN have not done anything.... that kinda tells me that they are not conserned with issues that involve there network, or there users security............

    maybe they are financing that site.......

  8. #18
    Member
    Join Date
    Mar 2004
    Posts
    41
    MsM,

    When I did WHOIS operation on www.networksolutions.com , for odzqtt.t.muxa.cc , it showed up ..
    odzqtt.t.muxa.cc
    No match for domain "ODZQTT.T.MUXA.CC".
    No results showed up even if I did WHOIS on muxa.cc ..
    What could be the mistake ??

    Can u plz. tell me how did u get the hell lot of information about them ??

    When I did traceroute.. It showed Request timed out after the 3rd router (maybe coz of a firewall) ..

    I'm askin this due to high cuiosity ... How could MsM find so much info about them ?? Was it with some tool.. ??
    Can anone help me. ??

    Thanx in advance .
    - SCORPION

  9. #19
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  10. #20
    Senior Member
    Join Date
    Jul 2003
    Posts
    813
    It looked like a basic whois query from a *nix box. The fact is that there are various servers for whois responses, and MsM used whois.arin.net... you had something like whois.networksolutions.com, hence the difference in response [has to do with whois database].

    The 'tool' is whois in *nix. Maybe unixutils has it, if not I think something similar can be acheived with nslookup in Win XP [and I'd guess 200/2003 too].

    The traceroute stop may be due to a firewall, given that your path to the server is different than MsM's. I can't test it now because of an issue with my traceroute, but that seens the reason. Simply, becasue of a different location and ISP you're signal goes through another path, and somewhere there there's a firewall.

    [edit]
    MsM is everywhere. Obviously she posted as I was posting. This is freaky
    [/edit]
    /\\

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides