what is txtsrving.info ?

And why is it appearing in my script blocker these days ?

Google reveals very little on this :/
Imagine something sharp and witty here ......

Comments

  • Emp_Fab Frets: 1569
    Open it in notepad and paste it here.
  • Deadman Frets: 569
    Are there any tits in it?
  • Jalapeno Frets: 510
    Noscript plugin is blocking it.  Nothing to paste.
    Imagine something sharp and witty here ......
  • I would expect it's a domain that has been specifically chosen because it looks like a file and that domain was used to deliver malware.
    c = pwisdom(x)|wisdom| = pwow(x)|wow| = plol(x)|lol| = pfacepalm(x)|facepalm| > 0
  • Jalapeno Frets: 510
    It's on this site ....
    Imagine something sharp and witty here ......
  • The raw domain doesn't resolve, but d.txtsrving.info does, with this:

    c:\tools>curl -v http://d.txtsrving.info
    * Rebuilt URL to: http://d.txtsrving.info/
    * Adding handle: conn: 0x20745c0
    * Adding handle: send: 0
    * Adding handle: recv: 0
    * Curl_addHandleToPipeline: length: 1
    * - Conn 0 (0x20745c0) send_pipe: 1, recv_pipe: 0
    * About to connect() to d.txtsrving.info port 80 (#0)
    *   Trying 50.19.105.231...
    * Connected to d.txtsrving.info (50.19.105.231) port 80 (#0)
    > GET / HTTP/1.1
    > User-Agent: curl/7.32.0
    > Host: d.txtsrving.info
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    < Content-Type: application/javascript
    < Date: Sun, 06 Oct 2013 10:06:11 GMT
    < Expires: Mon, 07 Oct 2013 04:00:00 GMT
    < P3P: CP="CUR ADM OUR NOR STA NID"
    * Server nginx/1.2.1 is not blacklisted
    < Server: nginx/1.2.1
    < Set-Cookie: dau_197fb66019b7c0a3339bffad6771977b=1381053971::0::0; Expires=Mon, 07-Oct-2013 03:59:59 GMT; Max-Age=64428; Path=/
    < Content-Length: 98
    < Connection: keep-alive
    <
    callback(64428,{"ccid":"Mansfield","cid":"GB","ip":"90.212.6.54","ppi":"1","zoneid":0,"rid":"J9"})* Connection #0 to host d.txtsrving.info left intact

    c = pwisdom(x)|wisdom| = pwow(x)|wow| = plol(x)|lol| = pfacepalm(x)|facepalm| > 0
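An added example, not part of any post in this thread: a Python sketch that takes the response captured by curl above and parses it (without executing it) to show what the endpoint hands back to a page that embeds it. The function names are hypothetical, and reading `cid`/`ccid` as country and city is an assumption; the page does not define those fields.

```python
import json
import re
from email.utils import parsedate_to_datetime

# Headers and body copied from the curl capture in the thread (wrapped lines rejoined).
HEADERS = {
    "Content-Type": "application/javascript",
    "Date": "Sun, 06 Oct 2013 10:06:11 GMT",
    "Set-Cookie": "dau_197fb66019b7c0a3339bffad6771977b=1381053971::0::0; "
                  "Expires=Mon, 07-Oct-2013 03:59:59 GMT; Max-Age=64428; Path=/",
}
BODY = ('callback(64428,{"ccid":"Mansfield","cid":"GB","ip":"90.212.6.54",'
        '"ppi":"1","zoneid":0,"rid":"J9"})')

JSONP_RE = re.compile(r"^\s*([A-Za-z_$][\w$.]*)\((.*)\)\s*;?\s*$", re.S)


def parse_jsonp(body):
    """Return (callback name, argument list) by parsing, never by executing."""
    m = JSONP_RE.match(body)
    if not m:
        raise ValueError("body is not a single JSONP call")
    return m.group(1), json.loads("[" + m.group(2) + "]")


def parse_set_cookie(header):
    """Return (name, value, attributes) from one Set-Cookie header."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    return name, value, dict(a.partition("=")[::2] for a in rest)


def analyse(headers, body):
    """Summarise what the response carries back to the embedding page."""
    callback, (ttl, payload) = parse_jsonp(body)
    _, value, attrs = parse_set_cookie(headers["Set-Cookie"])
    served = int(parsedate_to_datetime(headers["Date"]).timestamp())
    return {
        "callback": callback,
        "served_as_script": "javascript" in headers["Content-Type"],
        "echoed_ip": payload.get("ip"),
        # Assumption: cid/ccid look like country and city; the page does not define them.
        "location_guess": (payload.get("cid"), payload.get("ccid")),
        "cookie_stamp_is_request_time": int(value.split("::")[0]) == served,
        "cookie_ttl_matches_callback_arg": int(attrs["Max-Age"]) == ttl,
    }


if __name__ == "__main__":
    for key, val in analyse(HEADERS, BODY).items():
        print(f"{key}: {val}")
```

On this capture the first cookie field equals the `Date` header as a Unix timestamp, and the first callback argument equals the cookie's `Max-Age`, so the response both stamps the visit in a cookie and returns the requester's IP and a location guess to whatever script called it.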
  • Jalapeno Frets: 510
    That's nice ......

    What on earth is it doing ?
    Imagine something sharp and witty here ......
  • Dunno, but that IP it references is my current IP. I think it might be one of those ad servers that will try to serve me up pictures of "single ladies" near my location (which it has got spectacularly wrong).
    c = pwisdom(x)|wisdom| = pwow(x)|wow| = plol(x)|lol| = pfacepalm(x)|facepalm| > 0
  • Jalapeno Frets: 510
    Marked Untrusted

    Running deep scan ....
    Imagine something sharp and witty here ......
  • bertie Frets: 1555
    It's an IP/ISP source finder type thing.

    probably from the GCHQ  thread