start tracing target: 83.133.123.113 ()
Tracing __________________________________________________________________________!____.
TTL LFT trace to t1010.greatnet.de (83.133.123.113):80/tcp
1 [AS15968] [RIPE-C3/NETPILOTGMBH-DE] gwy.netpilot.net (62.67.240.1) 0.6/1.5ms
2 [AS15968] [RIPE-C3/NETPILOTGMBH-DE] gwy34.netpilot.net (62.67.240.17) 1.0/0.8ms
3 [AS15968] [RIPE-C3/NETPILOTGMBH-DE] l3gate1.netpilot.net (62.67.194.62) 1.5/1.9ms
4 [AS3356] [RIPE-NCC-212/UK-LVLT-990218] gi-6-3.car1.Munich1.Level3.net (212.162.1.65) 2.5/125.5ms
5 [AS3356] [LVLT-ORG-4-8] ae-4-4.ebr1.Frankfurt1.Level3.net (4.69.134.2) 8.4/8.9ms
6 [AS3356] [LVLT-ORG-4-8] ae-81-81.csw3.Frankfurt1.Level3.net (4.69.140.10) 19.2/19.3ms
7 [AS3356] [LVLT-ORG-4-8] ae-3-89.edge6.Frankfurt1.Level3.net (4.68.23.142) 8.3/8.7ms
8 [AS3356] [RIPE-CBLK3/BBNPLANET-INTL] LAMBDANET.edge6.Frankfurt1.Level3.net (195.16.161.6) 9.2/10.3ms
9 [AS13237] [217-RIPE/EU-LAMBDANET-CORE-DE-P2P-2] MUC-1-eth000.de.lambdanet.net (217.71.96.166) 15.4/16.0ms
** [firewall] the next gateway may statefully inspect packets
10 [AS13237] [217-RIPE/LNC-DE-CUSTOMERLINKS3] GRE-0-pos1337.de.lambdanet.net (217.71.107.50) 16.4/16.3ms
11 [AS13237] [83-RIPE/LNCDE-GREATNET-NEWMEDIA] [target] t1010.greatnet.de (83.133.123.113):80 16.4/17.0/*/*/*ms
LFT's trace took 3.75 seconds. Resolution required 12.09 seconds.
end tracing target 83.133.123.113
start whois lasthop for (83.133.123.113)
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '83.133.96.0 - 83.133.127.255'
inetnum: 83.133.96.0 - 83.133.127.255
netname: LNCDE-GREATNET-NEWMEDIA
descr: Greatnet New Media.
country: DE
admin-c: FL1331-RIPE
tech-c: FL1331-RIPE
status: ASSIGNED PA
mnt-by: LNC-MNT
mnt-lower: LNC-MNT
source: RIPE # Filtered
person: Frazzetta Lindner
address: Greatnet New Media
address: Brentenstrasse 4a
address: D-83734 Hausham
address: Germany
phone: +49 1805 47328638
fax-no: +49 1805 444894696
nic-hdl: FL1331-RIPE
abuse-mailbox: abuse@greatnet.de
mnt-by: LNC-MNT
source: RIPE # Filtered
% Information related to '83.133.0.0/16AS13237'
route: 83.133.0.0/16
descr: Lambdanet Operations - German region
origin: AS13237
mnt-by: LNC-MNT
source: RIPE # Filtered
end whois lasthop for (83.133.123.113)
start list of email contacts:
abuse@greatnet.de
end list of email contacts:
start transcript of session:
DEBUG output created by Wget 1.10.2 on linux-gnu.
--18:19:10-- http://explorersecurityhelper.com/block.php
=> `/tmp/BARv4HToC'
Connecting to 62.67.194.52:3128... connected.
Created socket 19.
Releasing 0x0808f138 (new refcount 0).
Deleting unused 0x0808f138.
---request begin---
GET http://explorersecurityhelper.com/block.php HTTP/1.0
Pragma: no-cache
User-Agent: Mozilla/5.0 (compatible; en-US)
Accept: */*
Host: explorersecurityhelper.com
---request end---
Proxy request sent, awaiting response...
---response begin---
HTTP/1.0 200 OK
Date: Wed, 05 Aug 2009 16:19:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Content-Length: 2629
Content-Type: text/html
X-Cache: MISS from dbserver.op.netpilot.net
X-Cache-Lookup: MISS from dbserver.op.netpilot.net:23128
Proxy-Connection: close
---response end---
HTTP/1.0 200 OK
Date: Wed, 05 Aug 2009 16:19:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Content-Length: 2629
Content-Type: text/html
X-Cache: MISS from dbserver.op.netpilot.net
X-Cache-Lookup: MISS from dbserver.op.netpilot.net:23128
Proxy-Connection: close
Length: ignored [text/html]
0K .. 3.76 MB/s
Closed fd 19
18:19:10 (3.76 MB/s) - `/tmp/BARv4HToC' saved [2629]
end transcript of session
start of offending raw content:
<html xmlns="http://www.w3.org/1999/xhtml" class="blacklist">
<head>
<link rel="stylesheet" href="img/style.css" type="text/css" media="all"/>
<title>Warning! Visiting this site may harm your computer!</title></head>
<body>
<table width="645" border="0" align="center" cellpadding="0" cellspacing="0" style="margin-top:60px;
font-size:11px;">
<tr>
<td width="18"><img src="img/001.gif" width="19" height="19"></td>
<td width="620" bgcolor="#772222" style=" border-top:#808080 solid 1px;"> </td>
<td width="18" align="right"><img src="img/002.gif" width="19" height="19"></td>
</tr>
<tr>
<td width="18" bgcolor="#772222" style=" border-left:#808080 solid 1px;"> </td>
<td width="620" bgcolor="#772222"><table width="100%" border="0" cellspacing="5" cellpadding="0">
<tr>
<td width="13%" valign="top" align="center"><img src="img/ico.gif" width="63" height="64"></td>
<td width="87%" valign="top"><div style="font-size:17px; color:#ffffff; border-bottom:1px solid
#FFF;"><strong>Warning! Visiting this site may harm your computer!</strong>
</div>
<div style=" margin-top:18px; color:#FFF; font-size:12px;">
<p>This web site probably contains malicious software program, which can cause damage to your computer or
perform actions without your permission. Your computer may be infected after visiting such web site.</p>
<p>We recommend you to install (or activate) antivirus security software.</p>
<p>I do realize that visiting this site can cause harm to my computer.</p>
<table width="100%" border="0" cellspacing="0" cellpadding="0" style="margin-top:26px;">
<tr>
<td width="18%"><form action="" method="GET"><input type="submit" id="button" value="Continue
Unprotected"></form></td>
<td width="4%"> </td>
<td width="78%"><form action="/1/" method="GET"><input type="hidden" value="" name="id"><input
type="submit" id="button2" value="Get security software"></form></td>
</tr>
</table>
</div></td>
</tr>
</table></td>
<td width="18" bgcolor="#772222" style=" border-right:#808080 solid 1px;"> </td>
</tr>
<tr>
<td width="18"><img src="img/004.gif" width="19" height="19"></td>
<td width="620" bgcolor="#772222" style=" border-bottom:#808080 solid 1px;"> </td>
<td width="18" align="right"><img src="img/003.gif" width="19" height="19"></td>
</tr>
</table>
</body>
</html>
end of offending raw content
