Strange Page

[nagan]

What do you make of this page? Firefox gives out a message of page not available but there are strange indicators.

[therube]

I don't go 2hell nor shorturl ( ). Only to 6x.to.
OK, if I disable AdblockPlus, then I go 2hell too .

It appears that what shows "is" the expected result (at least for 6x.to).
That page is attempting to open 204.210.154.31 (in a frame) but fails.

Code: Select all

    <HTML>
    <HEAD>
	<SCRIPT>
        <!--
        if(top!=self)
        top.location.href=self.location.href;
        //-->
        </SCRIPT>
    <TITLE>VX CHAOS FILE SERVER</TITLE>
    <meta name="keywords" content="VX Collection, virii, virus, vir, wurm, viry, viruses, worm, trojan, antivirus, warez, xploits, CHAOS, polymorphic engines, virus sources, security issues, hacking, security exploits, IDS, pen-test, spoofing, blackhat, sploits, logic bombs, worms, virii collections, xploit, AV, appz, anonymous surf, full app, cracks, Azag-thoth, virus writers, vck, 0-day, PolyEngine, EXE Packer, computer infection, Virus Tools, virii, crackz, free web site builder tool, Azathoth, Azag">
    <meta name="description" content="Viruses and worms, huge virus collection, antivirus, virii, vx sources, vx mags, ezines, virus writing tutorials, logic bombs, Virus Creation Programs And Construction Kits, window bombs, security exploits, sploits, VCK, Free Warez, FREE Web Site Builder Tools, Web Server Apps, Anti-Virus Scanners, H4x0ring, FREE virus sources including ASM sources, VBS, HTML, C++, Delphi, Visual Basic">
		</HEAD>

    <frameset frameborder="0" framespacing="0" border="0" rows="100%,*" noresize>
    <frame name="getoutofthissourcecodebastard_frame" src="http://vxchaos.2hell.com/" noresize>
    <frame name="getoutofthissourcecodebastard_blank" src="blank.php" marginwidth="0" marginheight="0" noresize>   
    </frameset>
    </HTML>

The "vxchaos" of http://vxchaos.6x.to/ is like a virtual kind of thing. (I may not be saying the correctly.)

[luntrus]

Status malicious - location: Germany

Server IP(s):
62.4.83.231
62.93.229.15

=========================
HTTP headers:

GET / HTTP/1.0
Host: vxchaos.6x.to
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Accept-Encoding: gzip
Location Germany

Info on 6x.to
The last time that suspicious code has been found on mentioned site was on 2010-01-04.
Malicious software includes 20 scripting exploits, 6 trojans. Successful infection resulted in an average of 3 new processes on the target machine.

Malicious software has been hosted on 8 domains, e.g. bronx.sk/, mjainfo.mj.funpic.de/, myopera.com/.

1 domain seems to function as a re-direct for spreading maware to visitors of this site, e.g. anhkuloc.byethost13.com/.

This site was hosted on 1 network, including AS8455 (ATOM86).

One site has been infected by this site, e.g. come.vn/.

myopera.com is still infected with
Virus
Threat found: 1

Name of threat: Trojan Horse
Location: hxtp://static03.myopera.com/upic/pool1/iH/jmM/+dyDc5NGqNoZAWAylgA8Fo/2290230_m.jpg

But on 210-02-23 it still had malicious software including 12 trojans, 4 scripting exploits

This site was hosted on 2 network(s) including AS3292 (TDC), AS12552 (IPO),

luntrus

[Alan Baxter]

Just attracting spam. Locking.