[Dshield] need help decoding.

Ivan_Macalintal at trendmicro.com Ivan_Macalintal at trendmicro.com
Wed Sep 19 13:21:20 GMT 2007


Hi Dan,

Interesting...

The script decodes to an IFRAME leading to:

http://marcobernardoni.com/x/index.php

The page is _still_ empty though... (Good thing you saw this. Nipped in
the bud perhaps.)

whois query for marcobernardoni.com...

Results returned from whois.internic.net:

Whois Server Version 1.3

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Domain Name: MARCOBERNARDONI.COM
   Registrar: ONLINENIC, INC.
   Whois Server: whois.35.com
   Referral URL: http://www.OnlineNIC.com
   Name Server: NS1.NAMESELF.COM
   Name Server: NS2.NAMESELF.COM
   Status: clientTransferProhibited
   Updated Date: 08-jul-2007
   Creation Date: 28-may-2007
   Expiration Date: 28-may-2008


Regards,

Ivan Macalintal
Senior Threat Analyst
Trend Micro Inc.



TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system.



More information about the list mailing list