
1/25/2014

www.eldiamantis.com
"Rogue Affiliate Reveals $100m Loophole"
(PHISHING, SCAM & SPAM)


You need to see this...

It's the most important website you'll visit
this year.

Here's why...

On that site you'll discover about a new
automated system that exploits a $100m
loophole.

Now this system was put to the test and
here's the results...

From scratch it produced $4,264 in the first
7 days.

And on to generate $27,353 in it's first
month.

Now next is where this gets very interesting.

The momentum of this system grows and grows
and last month it earned a massive $221,555!

Yes... Almost a quarter of a million dollars
in a single month just a few months after
starting.

Just click below to watch a free video all
about this amazing new system...

http://imoffers.systemx.clicksurecpa.com


With $221,555 a month in profits I think
you understand why this website will be
the most important you visit all year... If
not the most important of your entire life.

You now have a VERY REAL chance to start
making some serious money online.

With this underground loophole you DON'T
need to worry about:

- Having an exiting website or blog

- Having lots of capital for investing
in advertising... Just a few dollars
needed

- Having any technical knowledge... It's
all explained in a simple step-by-step
process anyone can follow

And it doesn't even matter if you've
earned a single cent online before.

You can start from scratch today knowing
nothing and follow along to be making
money tomorrow.

In the test... $4,264 was generated in
the first 7 days.

Just visit the site now to get started
and watch the free video...

http://imoffers.systemx.clicksurecpa.com


Now the creators and guys who have been
testing this system are super confident
anyone can make this work.

THIS MEANS YOU!

So if YOU download the system and follow
it they're going to GUARANTEE your success

No joke!

If you don't make at least $1,000 in the
first 7 days then their going to hand
you a $500 for giving it a shot.

YOU CAN'T LOSE

Think about it, you can try it out and
the very worst case is you'll pocket
a $100 in a week.

BUT... Just think if you do just half
as good as what the test showed...

... You'd be pocketing over $2,000
this very week.

And around $14,000 in 30 days time.

... And with the growth momentum this
system has you'll be cashing in over
a million dollars in less than a year.

AND THATS IF YOU ONLY DO HALF AS GOOD
AS THE TEST RESULTS PROVED THIS SYSTEM
IS CAPABLE OF!

You really need to check this out and
download a copy while you can.

Click below to do it now:

http://imoffers.systemx.clicksurecpa.com


Regards

El Diamantis


POTENTIALLY MALICIOUS DOMAIN:
www.eldiamantis.com
  • https://www.virustotal.com/de/url/d34a9a3946b4b6ea780f93fba6b72ccebf6d9206ca93219e082417d1ac695c4f/analysis/1390660102/
  • http://urlquery.net/report.php?id=8988794
  • https://www.mywot.com/en/scorecard/eldiamantis.com
  • http://www.urlvoid.com/scan/eldiamantis.com/

Link shown in the Mail (3x):
imoffers.systemx.clicksurecpa.com
  • https://www.virustotal.com/de/url/ab3a5964037476981e23759423d85b4a118ab7c8ebac53daddf62cf429a47472/analysis/1390661644/

IP of imoffers.systemx.clicksurecpa.com: 78.137.119.93
  • https://www.virustotal.com/de/url/86d48e7997dc929a776bdfe5f0ab721d7b74bee3ebae2535efe9b167cff9f3a7/analysis/1390662412/
  • https://www.mywot.com/en/scorecard/78.137.119.93

imoffers.systemx.clicksurecpa.com REDIRECTS TO:
www.autocommissionsystemx.com
  The website was registered 28 days ago, surf with caution.
  • https://www.virustotal.com/de/url/a58a8b08388b1e554ccb4683ba479b660f479fc98c8e83078a55ae3f8af06ef2/analysis/1390661783/
  • http://www.urlvoid.com/scan/autocommissionsystemx.com/

IP of imoffers.systemx.clicksurecpa.com: 198.143.162.154

  • https://www.virustotal.com/de/url/e1c25855b8d97c544b059910e386735a892b8d5dc1203786df3dd373479e451e/analysis/1390663057/

IP is Listed at SPAMCOP:
  • http://www.spamcop.net/w3m?action=checkblock&ip=198.143.162.154

SCAM-Mail SCREENSHOT

INTERNATIONAL Online Child Predators: The Lost Boy Bulletin Board
(Part 5)


Jeffrey Greenwell

At the sheriff's office in Union, the Franklin County seat, Chuck Subke opens a red binder on a conference-room table. On the front it reads: "Sensitive information enclosed. Not for public release. Law-enforcement eyes only."

Inside is a 175-page document, entitled, "How to practice child love. Child love explained by professionals." Subke and the St. Louis FBI agent say the guidebook is much like the one on the Lost Boy forum, explaining everything from "risks involved" and "when to start/what age" up to "exploring the child's genitals" and "making love for the first time." This specific version incorporates a section called "Our Latest Project: How to kidnap children." It seems basically like a Wikipedia for predators.

One section has particular relevance to the Greenwell case. Its title: "Single parents and moms with kids." The chapter begins with: "Unfortunately not all of us are blessed with children in our lives, as in having our own children, or children in the family," and "But do not worry, that is not a show stopper."

The handbook suggests advertising for dates on websites and in newspapers and limiting one's search to single mothers looking for long-term relationships. It states:

"The usual guy does not really like single moms with a lot of kids running around,". "So these moms are therefore suffering from the lack of men, love and self-confidence." 

Readers are encouraged to emphasize a mom's "inner values" during the romance.

The writer warns:

"We want to apologize in advance for this statement," & "The uglier and fatter the moms, the easier it will be for you to get into that family."

Brian Mize notes that pedophiles are connecting more and more with their young victims via interest-specific websites, such as a youth soccer team's home page. Mize also says that predators fine-tune their Facebook profiles to match the interests of the kid they're targeting. Today's omnipresent smartphones facilitate communication out of range of parents' prying eyes and ensure that video capability is just a click away.

FBI investigators say Jeffrey Greenwell relied on a consistent method to seduce boys: In nearly every instance, he sought out single mothers on online dating websites. He would romance a woman and spoil her son, showering the boy with attention and gifts. After a while he would push the relationship to a more intimate level, taking the boy on trips to Six Flags or babysitting him and, finally, sexually molesting him.


Six Flags New England
"You're talking about "the best" predators ever," the federal agent from St. Louis stated.  

"Greenwell was very smooth-talking. He dressed normally. He wooed the heck out of the mothers. This wasn't 'the guy in the ice cream truck.'"

The agent points to a flow chart the investigators created to diagram Greenwell's various connections to molestation victims and their parents, as well as two suspected fellow pedophiles. He gestures to photos of four mothers and ticks off Greenwell's tie to each: "boyfriend, boyfriend, babysitter, coworker."

Subke and his partner from the FBI questioned their suspect at the sheriff's office on the evening of Greenwell's arrest.

Subke began by offering Greenwell, age 37 at the time, a soda. After reading him his rights, the investigators explained that there had been some allegations made against him. At first the conversation headed toward small talk.

Investigator: "Mr. Greenwell, what kinds of hobbies are you into?" 

Greenwell: "Scooby Doo, SpongeBob and playing Xbox."

Investigator: "What's your type, Mr. Greenwell? Guys or girls?"

Greenwell: "Guys. Young males, specifically - around eight to twelve years old. But I don't like hardcore sex images, as Society doesn't look too kindly upon adult males who like young boys."

Investigator: "Let's talk about child porn."

Greenwell: "They're boring."

His computer skills, Greenwell added in response to another question, were "beginner to low-intermediate." He said he had encrypted the contents of his hard drive "because of personal information."

The Federal agent asked about a framed picture of a boy he had seen on a wall in Greenwell's home: It appeared to be a formal school portrait. Greenwell explained that it was an old photo of a boy he'd been a father figure to.

After a while the investigators brought up the fourth grader who had described how Greenwell had sexually molested him. Eventually Greenwell admitted that he had fondled the boy's penis and photographed the experience.

But Greenwell didn't stop there.

Aware of Greenwell's affinity for Scooby-Doo, the investigators brought up the topic in the hope that he might be familiar with the "Scooby-Doo Productions" material that LA investigators had uncovered on Lost Boy. But instead of referencing those videos, Greenwell described a pornographic video a friend had sent to him - and also a non-pornographic video he had made, which featured the son of a coworker playing in a park.

"We didn't know what the hell he was talking about," said the Federal Agent. "So we played off of it."

"Yeah, tell us about those other videos," the agent prompted. At that point Greenwell abruptly opened up.

He admitted incorporating Scooby-Doo imagery into the home movie he'd shot in the park, featuring a boy he knew. He began spouting "computer lingo," as the agent puts it - saying he had used the Sony Vegas software to tag three other videos with his "Scooby-Doo Productions".

He hadn't shot those videos, he said; they'd been sent to him by acquaintances. He said he'd obscured background details so as not to reveal where the videos had been made.

"Everyone knew him as 'the computer guy,'" the federal agent noted afterward. "If there was something in the background that identified someone, he would take care of it."

The detectives asked Greenwell who'd sent him the videos. One man was from New Hampshire, he said; another, who went by the screen name "SpongeBob," was from Utah. The investigators could hardly believe what they were hearing.

"LA was hot after 'SpongeBob,'" the FBI agent explains. When Greenwell offered up the man's name, Antonio Cardenas, "We immediately called LA, and Salt Lake started their investigation full-bore."

And Greenwell kept talking and admitting.

He also admitted that the framed photo on his wall was of a boy he had molested, and he told Subke and the agent where the boy's mother lived. He admitted that he was "Muddyfeet." He admitted to operating a child-porn message board of his own, called "aLL bois." He identified by name all of the boys in photos that had been sent from Los Angeles. He came up with the screen names of ten additional fellow porn traders.

After three and a half hours of questioning, minus a few breaks for cigarettes, Greenwell finally broke down.


Malicious Site: fajnstudio.sk
Trojan-Downloader.JS.Iframe.dfe (SLOVAKIA)



MALICIOUS SLOVAKIAN SITE:

fajnstudio.sk
  • https://www.virustotal.com/de/url/6080a9720496d74ed2f7cf7ca39c1f0174fb48a7b027f353df05490a328e26c1/analysis/
Trojan-Downloader.JS.Iframe.dfe
  • https://www.virustotal.com/de/file/c987bb6d76e73b69b2af05113351d0b6698b27bdece2d19da4a4fc2024ab70e0/analysis/1390646416/
fajnstudio.sk/files/e107.js
  • https://www.virustotal.com/de/url/fab21363cd2ec138bf54f8de642bfdbc6b4679f7dd2aa440da7148dbd5ae5551/analysis/1390646559/
HEUR:Trojan.Script.Generic
  • https://www.virustotal.com/de/file/2ba2ad81fea9972360841eb5c0b7af72dc746322c5d4e537a78850c76abd4b7e/analysis/1385071499/
fajnstudio.sk/plugins/lightbox/src/js/prototype.js
  • https://www.virustotal.com/de/url/1f5bb1db016f58c0d2a9429aa7d34f000bc141e275af39ff067aa36c7729ac24/analysis/1390646738/
Trojan-Downloader.JS.Iframe.dfe
  • https://www.virustotal.com/de/file/47199a74828ba83bb655f752009d97fd9aa171745f141c2cf676fcdca4772aac/analysis/
fajnstudio.sk/plugins/lightbox/src/js/plugins/lightbox/src/js/scriptaculous.js?load=effects,window
  • https://www.virustotal.com/de/url/24dda26f5c831da3016214d7e5a89fbe7ecad0b26e6978097fdb59c7f7ee6b83/analysis/1390647757/
Trojan-Downloader.JS.Iframe.dfe
  • https://www.virustotal.com/de/file/253fbfd313e53a10ab360f49dbe13fb6397c2f12d39d4459ac38349453ac1c03/analysis/1390647184/
fajnstudio.sk/plugins/lightbox/src/js/plugins/lightbox/src/js/lightbox.js
  • https://www.virustotal.com/de/url/43e5fedde352285d3eca1b64d2de40ae11d5c19bc7e19cf5dbfbaeeb46beb846/analysis/1390648131/
Trojan-Downloader.JS.Iframe.dfe
  • https://www.virustotal.com/de/file/2e01c9c9bbeb0099094565ecf2034de875f29a8604bd696154f98086c31f6c76/analysis/1390648230/
fajnstudio.sk/swfobject.js
  • https://www.virustotal.com/de/url/29fc821af1f7daeb1eb99c776e92dd77bfcc0ce02fb1e1e88fab8ba756f0c3af/analysis/1390648329/
Trojan-Downloader.JS.Iframe.dfe
  • https://www.virustotal.com/de/file/a2a19169ac59192e2bc88f5a9e91cac644d176b207a18ecbdd6d038668da0fc1/analysis/1390648416/



Apple Releases iTunes 11.1.4

Apple has released a security update for Apple iTunes 11.1.4 to address multiple vulnerabilities. These vulnerabilities could allow an attacker to execute arbitrary code or cause a denial-of-service condition.

For Details See:  http://support.apple.com/kb/HT6001



Today's Useless Website:
A Teacup full of Sugar




A Useless Cup of Sugar (Please): http://teacup.gopagoda.com/

1/24/2014

NEW MALWARE CODE:
Trojan-Clicker.HTML.IFrame.api & Trojan.JS.Agent.cfe & Trojan.JS.Agent.cff & Trojan.JS.Agent.cfg
found on
iprostate.org (FRANCE) & 89.161.179.50 (POLAND) & aixuaxoh.corpellis.com (FRANCE)






MALICIOUS DOMAIN INFECTED:
iprostate.org
  • https://www.virustotal.com/de/url/60a26b91beaa3f637236fd90c0337dbbbbca80eeef890fe65ccf4e08d1e47dcf/analysis/1390565063/


NEW MALICIOUS CODE: Trojan-Clicker.HTML.IFrame.api
  • https://www.virustotal.com/de/file/e985726550f1e3d0e509d7b137b0fb8e638e0206be3dac95aa3374b68b75f9c4/analysis/1390565399/
  • http://wepawet.iseclab.org/view.php?hash=95b6d14c905bb68bb00acc216aeee6ea&t=1390565037&type=js
  • http://jsunpack.jeek.org/?report=544ce445dec7f573fde5dbae940cf8e1a877d501
  • http://www.urlvoid.com/scan/iprostate.org/
--->
 
DOMAIN: (POLAND)
89.161.179.50
  • https://www.virustotal.com/de/url/3eb048bbc38acf47bc1fc56d6ba0bca27af49befb9501ba7e6217f1fd1f855a8/analysis/1390566648/
INFECTED WITH: JS:Includer-APY [Trj] & Trojan.JS.Blacole.Gen
  • https://www.virustotal.com/de/file/e7b478aeb97b77d2b7603ec9b3c01a67c9283b5773dc220fa181aec6b106502c/analysis/1390566981/
  • http://urlquery.net/report.php?id=8956027
  • http://wepawet.iseclab.org/view.php?hash=71f5f7a455f222fa3632d2fa5513d733&t=1390567166&type=js
  • http://jsunpack.jeek.org/?report=d0d24f41d2763479e8bdd80e573321b1495b3ee5

89.161.179.50/AC_RunActiveContent.js
  • https://www.virustotal.com/de/url/46559ae6b42b98f6a5636e639f20cf218a21dbe4e74bde08627368d5e4004efa/analysis/1390567518/
NEW MALICIOUS CODE: Trojan.JS.Agent.cfg
  • https://www.virustotal.com/de/file/8dd5ca26ad29dbb78104867199d67d6cf93115b3af206c434470d8f896c6df6b/analysis/1390567519/
SPECIFIC REMOTE LINK:
89.161.179.50/pub/MQZ11znP.php?id=27367098
  • https://www.virustotal.com/de/url/db69ece38e9a7d922b2fc7f4363d7c763e1f7393e7f60aeb049334e56b25324d/analysis/1390565939/

NEW MALICIOUS CODE: Trojan.JS.Agent.cfe
  • https://www.virustotal.com/de/file/da207e5f0c04455f4a759e81fa7930be4e92bff35786ac69fa647c31588bd0dd/analysis/1390565729/
--->
DOMAIN:
aahaimie.corpellis.com
  • https://www.virustotal.com/de/url/74b62220ddfd4194ec8353076c5a47dc6d75169cee68a0b1b04183042ea90971/analysis/1390566439/

SPECIFIC REMOTE LINK:
aahaimie.corpellis.com:8000/kbgvqiqyg?bwiossxvihjt=6621548
  • https://www.virustotal.com/de/url/716660bdafda01452ff3383dc54d57578b33620ce3f2b60c5a04b085262aa26b/analysis/


NEW MALICIOUS CODE: Trojan.JS.Agent.cff
 

  • https://www.virustotal.com/de/file/e7b478aeb97b77d2b7603ec9b3c01a67c9283b5773dc220fa181aec6b106502c/analysis/
--->

DOMAIN: (UKRAINE)
91.217.91.104
  • https://www.virustotal.com/de/url/600b14a0354cde620db64861fd6865d7395f8e3cbb744240c842ab09f01fb577/analysis/1390568047/
91.217.91.104//?id=1&se_referer=&charset=utf-8
  • https://www.virustotal.com/de/url/b1edaeb1d47b89d2747466822d49aba12752e79a004de1643bca1f70d03f7584/analysis/1390568170/
  -----------------------------------------------------------------------------------

OTHER DOMAINS INVOLVED


1) DOMAIN: (U.S.)
akmc-engg.com
  • https://www.virustotal.com/de/url/704c9b0de1bad345c1af1094c1f130a9e3af891aeb5e01aca4634e189ad2cb7f/analysis/1390568688/
SPECIFIC LINK:
akmc-engg.com/cO5hpbRz.php?id=27367098
  • https://www.virustotal.com/de/url/15901dee78bb8e1a89187df6e9482f84379cea7ba8f78d2fbb79755058286f19/analysis/1390568698/
  • https://www.virustotal.com/de/file/afee46604646db0e32c46dd0f423e1da7c2f9d2a2be31990ab287585f825ba83/analysis/1390566117/

----------------------------------------------------------------------------------- 

2) DOMAIN: (U.S.)
karocchio.eu
  • https://www.virustotal.com/de/url/fff4fdeb39bb94d2696dc08f21a116135f90045b60a1c634c48d6f75a9efc81d/analysis/1390569353/

-----------------------------------------------------------------------------------



3) DOMAIN: (ICELAND)
bobomo.mynumber.org
  • https://www.virustotal.com/de/url/315bdb1eaf95fcaeb3bf417a5185a4b1b7a69c888a133707df227201cd8c7921/analysis/1390569679/
Dynamic DNS URL
  • http://urlquery.net/report.php?id=8956217
  • http://www.urlvoid.com/scan/bobomo.mynumber.org/

----------------------------------------------------------------------------------- 

4) DOMAIN: (INDONESIA)
inez.co.id
  • https://www.virustotal.com/de/url/a3a8f91034a79665ee1a2c92c8a7d4dcb8536440f4acf9472c2a6650046c4445/analysis/1390570093/
  • https://www.virustotal.com/de/file/7212d36a24d79b733ee726e38c0db6734e4a55b290a2680504de57683ed49a07/analysis/1390570210/
  • http://www.urlvoid.com/scan/inez.co.id/
SPECIFIC LINK (INFECTED):
inez.co.id/edocus/tSB0NuE7.php?id=19034511
  • https://www.virustotal.com/de/url/17b184b7e0f250eda98b7314b3e2316a6540701029647b3814705fddbbde9c57/analysis/1390570447/
 
INFECTED WITH: HEUR:Trojan.Script.Generic
  • https://www.virustotal.com/de/file/521de2e5d3c5140f17a06400840f7002bd2ec33f6e085171fc3df768efb4413f/analysis/1390570748/
  • https://www.virustotal.com/de/file/b671d0390dcde53d9b0fd1e0bd3a8b145409e57f58b00bc47d11c449037a7468/analysis/1390570733/
  • http://jsunpack.jeek.org/?report=d9152fba62fa51859e1955854a0a447e785e73c0

----------------------------------------------------------------------------------- 

5) DOMAIN: (FRANCE) Dynamic DNS URL
www.urofrance.org
  • https://www.virustotal.com/de/url/ad735bc21d8858b255a8688cd78c3d04ee7ccf483dfea7e0147a5b92915774f5/analysis/1390571126/
www.urofrance.org/congres-et-formations/calendrier.html
  • https://www.virustotal.com/de/url/de91fb23ff3add27e1b0b61c9e6a57043ffe33c927a4bd40201ed79e2ac0f03b/analysis/1390571128/
Dynamic DNS URL
  • http://urlquery.net/report.php?id=8956326
-----------------------------------------------------------------------------------

6) DOMAIN: (SWITZERLAND)
www.healthonnet.org
  • https://www.virustotal.com/de/url/ffe8ada5a6b6a7eca744223b20087bebb2fe5339ef3b9f983f2e38b62056dada/analysis/1390572210/
  • http://quttera.com/detailed_report/www.healthonnet.org
----------------------------------------------------------------------------------- 

7) DOMAIN: (FRANCE) - LINK TO iprostate.org found
www.spdesigner1.com
  • https://www.virustotal.com/de/url/aabf7f0ce3e2507fe39cf3a2d7c1488ec96e81bbec5899771bad3944845639e9/analysis/1390573845/
www.spdesigner1.com/js/carouFredSel.js
  • https://www.virustotal.com/de/url/87ff75c131dd793787cc905b4c86b65fa62cea025f29ce837efc9863bf003919/analysis/1390574236/
PUA
  • https://www.virustotal.com/de/file/babe4ebb46ac2dbe59de631e65409bd31133a3c48b0e3069d8543aed9af13f98/analysis/1386751724/
LINK FOUND TO: iprostate.org
  • http://www.UnmaskParasites.com/security-report/?page=www.spdesigner1.com

1/23/2014

Beware of such FAKE FACEBOOK PROFILE(s):
www.facebook.com/Gertruda
(PHISHING & MALICIOUS ACTIVITIES (BLOGSPYING AND -PROVOKING))


SUSPICIOUS TO MALICIOUS - FAKE FACEBOOK PROFILE: (PHISHING & MALICIOUS ACTIVITIES (BLOGSPYING AND PROVOKING))





www.facebook.com/Gertruda

https://www.virustotal.com/de/url/a1a5dc8ee81ab63a5e78376d7649cfa38290e74649389b01d0c1bffb85457f4e/analysis/1390505891/
https://www.virustotal.com/de/file/63179ad2dff2e4a1745f05650007bb54630c83c49127101bd474fa054144a64c/analysis/1390509908/


Gert ? Gertruda ?





Is this Gert...






...or is HE GERTRUDA ???


NEW MALWARE: Trojan-Downloader.JS.Iframe.dfe
found on
icecube.it (ITALY)






MALICIOUS SITE:

icecube.it
  • https://www.virustotal.com/de/url/b1e562e23de2c29cf5cb51b757d82edbdbd06edb3fc1da976db3cba00a046998/analysis/1390497005/

INFECTED WITH NEW MALWARE VARIANT: Trojan-Downloader.JS.Iframe.dfe

  • https://www.virustotal.com/de/file/35f74daecafa6897e66b8e8fa5dfb8940f65b50b9a6fc4aae32f6665583b3f40/analysis/1390496903/
  • http://urlquery.net/report.php?id=8948169
  • http://www.google.com/safebrowsing/diagnostic?site=icecube.it

---> REMOTE


DOMAIN POSSIBLY INFECTED:

tanersarf.com
  • https://www.virustotal.com/de/url/2db7836898435db551a3fbcd47db96c42551c4748788ea5facc6522e78bbb149/analysis/1390498334/

WITH: Script.Packed.IFrame.K@gen

  • https://www.virustotal.com/de/file/2478011b919e778e0eb30ac74fbc69f81f7a70ec4c7d15bdff3ac8e5dd32d470/analysis/1390497912/
  • http://jsunpack.jeek.org/dec/getfile?hash=84af/dca9f4cc27824fcb9650dbfd21dcdc2396c1

SPECIFIC GO:

tanersarf.com/counter.php
  • https://www.virustotal.com/de/url/feaf2c7858276ef6f6db59c8eef5219f448c135f9081e85f83a8e637d14dc604/analysis/1390498323/
  • https://www.virustotal.com/de/file/97865611a349e3922f252aa61369e2d82fa32598e8a416694c66986c758cf188/analysis/1390498052/



MALICIOUS DOMAIN: top100blogs.4you.cloudns.us
(PHISHING & Paid Links - Netherlands)





POTENTIALLY MALICIOUS DOMAIN:

top100blogs.4you.cloudns.us
  • https://www.virustotal.com/de/url/113d96e224923eceebeb484e92aacd0f6d929d81b79f014503a3c8276fb852e8/analysis/
  • http://www.browserdefender.com/site/top100blogs.4you.cloudns.us/
  • http://quttera.com/detailed_report/top100blogs.4you.cloudns.us
  • http://sitecheck.sucuri.net/results/top100blogs.4you.cloudns.us
  • http://www.urlvoid.com/scan/top100blogs.4you.cloudns.us/

1/21/2014

www.scalesexpress.com (United Kingdom)
POTENTIALLY SUSPICIOUS DOMAIN
Microsoft Internet Explorer remote code execution via option element






POTENTIALLY SUSPICIOUS DOMAIN:

Microsoft Internet Explorer remote code execution via option element
www.scalesexpress.com
  • https://www.virustotal.com/de/url/48d23059451f6289a371b36f14ae5a7dd254d945ba32294d67ef8f2dd8ab44ac/analysis/1390310938/
  • https://urlquery.net/report.php?id=8877127
  • https://urlquery.net/report.php?id=7605847
  • https://urlquery.net/report.php?id=7870025
  • https://urlquery.net/report.php?id=8182437
---------------------------------------------------------------------------------------------------------------------------------------------

MORE ABOUT THIS SPECIFIC THREAT:
http://www.iss.net/security_center/reference/vuln/HTML_IE_Option_Uaf.htm 

Facebook User of the Day: Kanizze Fatema Khuzeima (Who is SHE ?)

Is this Kanizze...?





Say Hello to Kanizze @:

Or THIS ? Same Haircut it seems.

1/20/2014

Category MALICIOUS DOMAIN & IP:
newquickonline.com & 66.111.239.213
"Comment Devenir Riche ?" (How to Get Rich?)
PHISHING, SCAM, SPAM


Hi, this secret is making me sick
and I can no longer keep it to
myself alone. So I have decided
to share it with you; you are
going to discover how hundreds
of people have become rich
with...

This system is very simple, and a
10-year-old child could apply it
without any knowledge.

Come on, I won't keep you waiting
any longer and I'll give you the
explanations now

Click here to access the site>>>


Please keep me informed and, if
necessary, get back to me.

How will I get rich...

Screenshot from newquick.blablabla SPAM-Mail
MALICIOUS DOMAIN: PHISHING, SCAM, SPAM
newquickonline.com
  • https://www.virustotal.com/de/url/8dc180690322fb938db7d494d01be61b662bd29f4bdf29833ba7ad15d15aeedb/analysis/1390244230/
HTML:
  • https://www.virustotal.com/de/file/faf4a27477bc73e59cb23ca28c0a2f7e8c0e687b380a14bf587118be749b52e0/analysis/1390244772/
  • http://jsunpack.jeek.org/?report=ec57c2558a8d13640f7875169e82616b25fab79e
newquickonline.com/unsubscribe.php
  • https://www.virustotal.com/de/url/995fa55fb73aa1d432a8a14dc9f517d0c8cb1ada8f5697b785f118f9fffce323/analysis/1390245841/
  • http://zulu.zscaler.com/submission/show/f38f148811a55cb99c4cc61af4b3b92c-1390244259
  • https://www.mywot.com/en/scorecard/newquickonline.com
  • http://www.urlvoid.com/scan/newquickonline.com/
LISTED AT SPAMHAUS:
  • http://www.spamhaus.org/query/domain/newquickonline.com
LISTED AT SURBL:
  • http://www.surbl.org/surbl-analysis
-----------------------------------------------------------------------------------------------------------------------------------

IP: 66.111.239.213
  • https://www.virustotal.com/de/url/7ea04d745a797e563f76710b1962e6d1c712eebead72ce2e17d17669a9cf1ebf/analysis/1390246347/
LISTED AT SPAMHAUS (SBL):
  • http://www.spamhaus.org/query/ip/66.111.239.213

Email Reputation: POOR
WEB Reputation: POOR

  • http://www.senderbase.org/lookup/?search_string=66.111.239.213


1/19/2014

Ohh my Goodness !!! Video !!! Bamboleo !!!


Check this Video: https://www.facebook.com/photo.php?v=1579042563816



Just another Spam from: www.ratgeberplatz.com:
„Attraktive Singlefrauen suchen Sie, Herr“
(„Attractive single women are looking for you, Mister“)
Germany (Düsseldorf)

English:


www.ratgeberplatz.com is a spam domain. Just delete those mails. Do not click "Unsubscribe from newsletter". If you do, they will only register that you have read the mail, and the spamming will get worse! See screenshot.

Related Posts:

Just another SPAM SCREENSHOT from ratgeberplatz.com...


For German-speaking readers:


www.ratgeberplatz.com is clearly a spam domain. These mails can safely be deleted. Whatever you do, do not click "Unsubscribe from newsletter". The only thing that happens afterwards is that you are sent even more spam from this domain, because your click has given you away and the domain ratgeberplatz.com now knows that you have read the e-mail! See screenshot.


NEW MALWARE: Exploit.JS.Agent.bnu
found on
www.cretosocostruzioni.it (BLACKHOLE ITALY)



NEW MALWARE found on:
www.cretosocostruzioni.it
  • https://www.virustotal.com/de/url/56d645fd54a3131e943fffc38c7d8d2b08708d7fea96a0359b706e41c10b40ed/analysis/
INFECTED: Exploit.JS.Agent.bnu
  • https://www.virustotal.com/de/file/7fdbf0bce169b0e2ab441fda2d63ac7d7b114b85ec0dff12e509f074150d9f2d/analysis/1390128259/
www.cretosocostruzioni.it/online
  • https://www.virustotal.com/de/url/f2c0777c24805a398d42e4b2fcee5ff98fbd375a42482aac2c019334536fc97b/analysis/1390129080/
INFECTED: Exploit.JS.Agent.bnu
  • https://www.virustotal.com/de/file/742113b12396661ca1c2d2796834169e5543624111f75308b5ef1796d80634d1/analysis/1390128250/
81a338 (BLACKHOLE)
  • https://urlquery.net/report.php?id=8882516
---> REMOTE(s)

DOMAIN:
lanotfo.com
  • https://www.virustotal.com/de/url/6ff7f2d41dd24b4613f5c7f2ddf8045fb0cf966e530535a171dc971168a03bdb/analysis/1390129287/
lanotfo.com/exit.php
  • https://www.virustotal.com/de/url/418aefb901fd9cef797a1419bd4c3b82f15eab2e5fac9688998f3ce1cee83775/analysis/1390129281/
DOMAIN:
gylaqim.com
  • https://www.virustotal.com/de/url/fc04abfc736f83c76d968a82259c71d4382cbb895c2f50e15d345948c08541a9/analysis/1390128973/
gylaqim.com/exit.php
  • https://www.virustotal.com/de/url/fa57933bb759bbb97a034a0ff3ecf1563a51474ad5795f06949b746e58bc6986/analysis/1390128981/
----------------------------------------------------------------------------------------------------------------------------------------------
OTHER RESULTS:
  • http://app.webinspector.com/public/reports/19564893
  • http://wepawet.iseclab.org/view.php?hash=334dfbfddf5c8dd2e23083b3665eb265&t=1390127730&type=js
  • http://zulu.zscaler.com/submission/show/11e7b4c701fdd5cc9d49ceff4e6c058d-1390127849



Malicious U.K. Site: secure.rocketdlgo.com
POTENTIALLY MALICIOUS DOWNLOADS (PUA)


MALICIOUS DOMAIN: MALICIOUS DOWNLOADS (PUAs)
secure.rocketdlgo.com (LONDON)
  • https://www.virustotal.com/de/url/36ed680720c344c20d4265de97ffc49efd5c3932f21ef54938b5e260b55f66f1/analysis/1390121354/
MALWARE (PUA) LINK (out of many):
secure.rocketdlgo.com/nsi/nsis-html/Microtraffic_5485.exe
  • https://www.virustotal.com/de/url/fdb52ef1459d2cd2c98423e3f6cb0915b4ce2b0621a190257901013bdeefa7f2/analysis/1390121715/
INFECTED: Win32/InstallMonetizer.AG
  • https://www.virustotal.com/de/file/ca51c74ae63a852388ffa13f842a6c4e7b3d32be8afedb49705aaf837a2ea54a/analysis/1390121994/
  • http://www.urlvoid.com/scan/secure.rocketdlgo.com/
  • http://zulu.zscaler.com/submission/show/dfc38710b3e03079599ec5cb922e7113-1390121373

For additional Info see:

http://malwaretips.com/blogs/pup-optional-installmonetizer-a-removal/

Category MALICIOUS IP: 87.106.63.20
SPAM MAIL SERVER - GERMANY







MALICIOUS IP: SPAM MAIL SERVER - GERMANY

87.106.63.20
  • https://www.virustotal.com/de/url/8dd6dacfed6ef9746f7419084b198ef72dd8743110b9e8d302b8d377848f991f/analysis/1390119928/

Email Reputation: POOR
Spam Level: CRITICAL

  • http://www.senderbase.org/lookup/?search_string=87.106.63.20
  • http://psbl.org/listing?ip=87.106.63.20
  • http://www.ipvoid.com/scan/87.106.63.20