Thread: 7Timer Highjacked
View Single Post
  #8  
Old 09-06-2014, 01:44 PM
IanParr's Avatar
IanParr (Ian)
IP

IanParr is offline 		 
Join Date: Oct 2006
Location: MANLY, NSW
Posts: 5
7Timer Highjack??
This is the internet folks. It pays to be paranoid.

Until I know better my NoScript blocker keeps 202.127.24.18 firmly in my Untrusted list and I'll use Astro Panel on my Phone and monitor what's happening before using the 'new' 7Timer on my PC and I think for good reason.

Internet security starts and ends with the browser. If you have one tough password it should be on your browser and you need a good script blocker.

Using the command line and Tracert outside my browser 7Timer.com resolves as 31.170.160.98 and without reference to 202.127.24.18 in is trace.

In Firefox the URL is going to 202.127.24.18. That address traces eventually all the way without reference to an normally invisible PRIVATE address 192.168.2.2. Private Networks 10.0.0.0/172.16.0.0/192.168.0.0 should not be visible nor routeable over the internet).

Could be innocent lag while DNS Databases refresh for the name change but could be an attempt to open the door to your PC.

Unresolved name 202.127.24.18 ?

Tracing route to 202.127.24.18 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms NB604N.Home [192.168.1.1]
2 15 ms 14 ms 15 ms 10.20.22-15.tpgi.com.au [10.20.22.15]
3 17 ms 15 ms 16 ms 203-29-129-132.static.tpgi.com.au [203.29.129.132]
4 128 ms 127 ms 126 ms cstnet2-RGE.hkix.net [202.40.161.238]
5 128 ms 128 ms 128 ms 8.192 [159.226.254.213]
6 165 ms 166 ms 165 ms 8.198 [159.226.254.253]
7 167 ms 166 ms 167 ms 8.131 [159.226.253.53]
8 165 ms 164 ms 163 ms 8.206 [159.226.253.70]
9 187 ms 187 ms 187 ms 192.168.2.2
10 * ^C

One it gets to the so called Private address 192.168.2.2 it becomes untraceable which may its purpose.

However 7Timer.com outside my browser resolves as 31.170.160.98 and traces eventually all the way without reference to 202.127.24.18.

Tracing route to 7timer.com [31.170.160.98]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms NB604N.Home [192.168.1.1]
2 39 ms 15 ms 15 ms 10.20.22-15.tpgi.com.au [10.20.22.15]
3 16 ms 15 ms 15 ms syd-pwk-dym-csw1-tg-3-2.tpgi.com.au [203.26.20.17]
4 15 ms 15 ms 15 ms syd-pwk-dym-crt1-ge-4-0-0.tpgi.com.au [203.29.135.137]
5 15 ms 15 ms 16 ms syd-sot-ken-crt3-TG-12-3.tpgi.com.au [203.29.135.129]
6 16 ms 19 ms 19 ms 203-219-35-4.static.tpgi.com.au [203.219.35.4]
7 169 ms 177 ms 170 ms 10ge1-3.core1.sjc1.he.net [72.52.93.37]
8 177 ms 174 ms 174 ms 10ge2-1.core1.sjc2.he.net [72.52.92.118]
9 169 ms 170 ms 169 ms 72.52.80.74
10 176 ms 174 ms 169 ms bbr02snjsca-bue-6.snjs.ca.charter.com [96.34.3.2]
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 240 ms 239 ms 239 ms bbr01atlnga-bue-5.atln.ga.charter.com [96.34.0.36]
15 235 ms 235 ms 235 ms crr01sghlga-bue-3.sghl.ga.charter.com [96.34.2.71]
16 236 ms 236 ms 237 ms crr02sghlga-bue-100.sghl.ga.charter.com [96.34.73.93]
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 247 ms 246 ms 247 ms ahvl.immedion.charter.com [68.115.192.218]
24 250 ms 250 ms 250 ms 67.23.161.157
25 249 ms 249 ms 251 ms 67.23.161.129
26 252 ms 250 ms 252 ms ashv1.main-hosting.com [208.69.231.10]
27 249 ms 249 ms 250 ms 31.170.160.98

Trace complete (eventually) .

I'm no IP or web expert and maybe Marc can comment, but I think this is wacky enough to deserve quarantine.

Ian Parr
Reply With Quote