RE: browser redirection to forward.domainname.at

From: Ralph Los (RLos@enteredge.com)
Date: 02/26/02

Previous message: Michael Gargan: "Re: browser redirection to forward.domainname.at"
Maybe in reply to: Matthew.van.Eerde@hbinc.com: "browser redirection to forward.domainname.at"
Next in thread: Michael Gargan: "Re: browser redirection to forward.domainname.at"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Ralph Los" <RLos@enteredge.com>
To: "'Matthew.van.Eerde@hbinc.com'" <Matthew.van.Eerde@hbinc.com>, focus-ms@securityfocus.com
Date: Tue, 26 Feb 2002 12:42:02 -0500

Well, thought I'd throw out the obviouis:

Name: forward.domainname.at
Address: 212.69.172.16

This is strange. Going to the page yields a seemingly legitimate DNS tools
type of web page. Very, very interesting, I wonder how this URL works?

Good luck,

----------------------------------------|
Ralph M. Los
Sr. Security Consultant and Trainer
          EnterEdge Technology, L.L.C.
          rlos@enteredge.com
          (770) 955-9899 x.206
----------------------------------------|

::-----Original Message-----
::From: Matthew.van.Eerde@hbinc.com
::[mailto:Matthew.van.Eerde@hbinc.com]
::Sent: Tuesday, February 26, 2002 11:29 AM
::To: focus-ms@securityfocus.com
::Cc: focus-virus@securityfocus.com
::Subject: browser redirection to forward.domainname.at
::
::
::A strange problem is surfacing on our network. Users will
::type in a website they have been to before, and they will be
::forwarded to
::
::http://forward.domainname.at/http://212.69.172.16/forward.php
::and then to
::http://212.69.172.16/forward.php
::
::Have we been hit by a virus? Or is there some name
::resolution hack on the internet?
::
::Typing in the ip address of a site
::http://216.168.252.86 for http://www.verisign.com for example
::goes to the correct site. nslookup prompts from the command
::line yeild the correct IP address.
::
::Workstations are Windows 2000 Professional SP2 with IE 6.
::
::Matthew van Eerde
::Software Engineer
::

Previous message: Michael Gargan: "Re: browser redirection to forward.domainname.at"
Maybe in reply to: Matthew.van.Eerde@hbinc.com: "browser redirection to forward.domainname.at"
Next in thread: Michael Gargan: "Re: browser redirection to forward.domainname.at"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Active directory slowly on bdc
... So the NETMON trace shows the DC that you are connected to contact the other ... DC when you are looking at user properties? ... Strange. ... correct site. ...
(microsoft.public.windows.server.active_directory)
Re: OT: John Cleese letter to America.
... everyone stops & yields to the right & to whomever ... Now those do seem strange to us. ...
(alt.support.diabetes)
DuplicateHandle (strange result)
... (copying to the same process) ... function succeeds but yields a strange result ... it yields a correct result handle. ...
(microsoft.public.vc.mfc)