
2/01/2014

U.S. Cities and Towns:
Sapinero, COLORADO
(Ghosttown/Unincorporated Community)

Sapinero was originally on the north bank of the Gunnison River, one mile north of its present location (just downstream from the mouth of Soap Creek). Sapinero was originally a stop on the Denver & Rio Grande Railroad's narrow gauge main line between Denver and Salt Lake City. Eventually, a standard gauge route supplanted the Gunnison line, and the narrow gauge's final abandonment came in 1955. In about 1963, when Blue Mesa Dam was built on the Gunnison River below Sapinero, the town was moved and re-established in its present location, prior to the area's inundation by the water of Blue Mesa Reservoir.

Blue Mesa Reservoir, Colorado's largest man-made lake. Sapinero at upper right.


THE NAME SAPINERO

When travel in the area was by foot, horseback and wagon, travelers headed west from Gunnison did not have too many obstacles caused by the terrain. When the trail was not following close to the river, the hills were neither too steep nor too long to stop the travelers. However, this easy travel ended 26 miles west of Gunnison. At that point the Gunnison River plunged into the narrow depths of the Black Canyon. Steep rocky slopes and sheer granite walls plunging to the water's edge made continued westward travel along the river impossible. Travel along either rim of the canyon was difficult and often blocked by smaller canyons where tributary streams joined the river. The western end of the valley at the upper end of the Black Canyon was a natural place to stop and to rest before the journey was continued. The little settlement that grew there eventually became known as Sapinero.

Links for more information and Pictures on Sapinero:

PEDOPHILE FACEBOOK USER: Jason Burnash from Rensselaer
NEW YORK, sentenced to 60 months Prison
(20.000 images of child porn found on Rensselaer man's computer)

 
His MySpace Profile: https://myspace.com/jasonburnash


His Facebook Profile: https://www.facebook.com/jason.burnash/about


Police arrest a Rensselaer man, after finding thousands of child pornography images on his computer. Our Erin Connolly has more on why officials are saying cases like this one are unfortunately not out of the ordinary.

RENSSELAER, N.Y. -- Police say he had more than 20,000 images of child porn downloaded and stored on his personal laptop. And after a month-long investigation with the FBI, Rensselaer Police arrested Jason Burnash, 30, on Monday. Although they didn't investigate this particular case, New York State Police say these situations are becoming all too common.

Lt. Joseph Donahue of the New York State Police said, "The problem we're having is it's so prevalent it's happening in our neighborhoods. This is not a sin city type of crime. It's not just big urban areas like New York City or Los Angeles, this is a rural America issue as well."

Burnash is charged with possessing an obscene sexual performance by a child, which is a class E felony. Lieutenant Donahue says studies have shown that a number of people who collect child porn go on to become sexual offenders.

Lt. Donahue said, "Not everyone who looks at child porn will go out and victimize a child, but if one does, that's too many."

As Rensselaer police continue to investigate Burnash's case, state police say those producing the pictures need to be held accountable as well.

Lt. Donahue said, "Another thing to think about is in order to have these pictures, a child under 16 engaged in a sexual act, there had to be a real child less than 16 engaged in that sexual which is child molestation, child rape. And then someone took a picture of it which affects them forever, ever and ever."

Burnash is in the Rensselaer County jail without bail. His next court date is March 4th and more charges could be pending. If you have any information about Burnash, you're asked to call Rensselaer Police.



SOURCES: 

  • http://albany.twcnews.com/content/news/535085/detectives--20-000-images-of-child-porn-found-on-rensselaer-man-s-computer/
  • http://www.timesunion.com/local/article/Child-porn-charges-lodged-1036014.php
  • http://www.fbi.gov/albany/press-releases/2012/rensselaer-man-who-received-child-pornography-sentenced

MALWARE: zorder.co.nz
INFECTED WITH: HEUR:Trojan.Script.Generic
(TrojWare.JS.TrojanDownloader.Iframe.MAD) United States


MALICIOUS DOMAIN: TROJAN SCRIPT



SCREENSHOT OF SCRIPT
DOMAIN:
zorder.co.nz
  • https://www.virustotal.com/de/url/51c428d8f76369716dfd470c39b02befd1f4b3a2cc1cbbc5d4047e15a814769d/analysis/

MALICIOUS URL (SCRIPT):
zorder.co.nz/js/jquery.anchorScroll.js
  • https://www.virustotal.com/de/url/bde3af1fc4072773b904173f89dba6ccfc3760390fc0482cec0b782bd3570a68/analysis/

INFECTED WITH: HEUR:Trojan.Script.Generic
  • https://www.virustotal.com/de/file/f5881bd0bf3a8af23cc88f2d00096ee5c1e67f56be5b0adc9679a3570058623f/analysis/1391277589/

ADDITIONAL INFO:
  • http://app.webinspector.com/public/reports/19840092
  • http://jsunpack.jeek.org/?report=57f974f0b6eb671bf48be8d546e55b46ceba45b3
  • http://zulu.zscaler.com/submission/show/790880c97012d751aae8bdd695b40ae7-1391277900

NEW MALWARE CODE:
Trojan.NSIS.StartPage.ed (CHINA)
MALICIOUS DOWNLOADS Domain:
keaitz.com


MALICIOUS SITE: (Nullsoft Scriptable Install System FROM: CHINA)


DOMAIN:
keaitz.com
  • https://www.virustotal.com/de/url/9b81a505362c1aab403292563a9360f72e8e076fd83794ef36faeb29181ebdf2/analysis/1391274035/
1390472709.keaitz.com
  • https://www.virustotal.com/de/url/d3940fe84e654ea2d17c7d219ae53ca86be9b66d1474683ae0596ed5c8d57f8c/analysis/1391272982/
  • https://www.virustotal.com/de/file/a77b681a6138fdcc50c8be703ee1637fc60f1f90a47f6ba09b1539371ac6f60e/analysis/1391272594/


SPECIFIC LINK:
1390472709.keaitz.com/chat/raffle/raffl.exe
  • https://www.virustotal.com/de/url/510a6e03aa6c4b786a33d25f7d48d2b0c76d16726e2efa83b531137b09fb5651/analysis/1391272314/


INFECTED WITH: Trojan.NSIS.StartPage.ed
  • https://www.virustotal.com/de/file/cb99213503ed1f23bdcca1ef9b95ac1b423036dba3e5f8bbd68743b7dcdb98fe/analysis/

SEE ALSO:
  • http://app.webinspector.com/public/reports/19839594
  • http://zulu.zscaler.com/submission/show/b57c16e6dd5a128c923b1b0555949636-1391272426
  • http://anubis.iseclab.org/?action=result&task_id=1f72b554221efb114f53fcb4a82d166f0&format=html
  • http://www.urlvoid.com/scan/1390472709.keaitz.com/

SCREENSHOT OF DOMAIN (403)

FOR MORE INFO ON THIS THREAT, SEE:


www.visonic.com & www.visonictech.com &
www.dhtml-menu-builder.com & elpas.com

MALICIOUS DOMAINS INFECTED (Directly or Indirectly)
BV:StartPage-FY [Trojan]

visonic.com

MALICIOUS DOMAIN: HIDDEN LINK & BV:StartPage-FY [Trojan]
www.visonic.com
  • https://www.virustotal.com/de/url/f78e05cce3d42b2e2af2d9b77e333ddf02f255b3bcdf3633a2b4301fe7cfaf73/analysis/1391264633/
HTML
  • https://www.virustotal.com/de/file/e351123b15e39ce42e458fe0ce173a3dae67e6d2e332583eee0b4542a8a0ebc4/analysis/1391264778/
  • http://www.UnmaskParasites.com/security-report/?page=www.visonic.com
www.visonictech.com ---> redirects to elpas.com


HIDDEN LINK TO:
www.visonictech.com
  • https://www.virustotal.com/de/url/bb123e45066579186a9eee70d00a7314d58bb6dd707e8a810b26c94676152ae4/analysis/1391265169/
SPAM LINK (VIAGRA):
  • http://www.UnmaskParasites.com/security-report/?page=www.visonictech.com
dhtml-menu-builder.com

TO:
www.dhtml-menu-builder.com
  • https://www.virustotal.com/de/url/8067736540845fba3def863c89bc850f5ffb0a9d718793973034a7d79021121e/analysis/1391265583/
SPECIFIC MALICIOUS LINK:
www.dhtml-menu-builder.com/include/js/ie6-png.js
  • https://www.virustotal.com/de/url/8e1fbb8ba1b128744dbb94db5a9494af8e357ef88b047044cb261bae892d4128/analysis/1391266171/
INFECTED WITH: BV:StartPage-FY [Trj]
  • https://www.virustotal.com/de/file/66da12165f89ac7a2a330ed8d75288f3c3aeb98b3ce019c890ee1b06a3a48c6f/analysis/1391265996/
  • https://www.virustotal.com/de/file/c3504e6c4b8bf4c1f8bbb265bbdba23270ce5a593f124e38fe65214e4a4b88e2/analysis/1391266028/
REFERENCE & FILE(s):

  • http://jsunpack.jeek.org/?report=eb47e3a23a0f713fe37fb08bdc85ba42651ff26c
buysoftviagra.com

VIAGRA LINK:
buysoftviagra.com
  • https://www.virustotal.com/de/url/a71b8be18ba11c82b6dc425316a7b2c5d2e8766d2c198db755be4494e18d934d/analysis/1391265844/

AS WELL INVOLVED:
elpas.com
  • https://www.virustotal.com/de/url/eef5935a084f5ae84fa9ed3cc936df3531d37802cdef07a8fdc5b7f55e9d0dc4/analysis/1391266776/
  • SEE: http://jsunpack.jeek.org/?report=a8c2e01dc1da2d7ecd26be013ef04799379b3970
SEE ALSO:
  • http://sitecheck.sucuri.net/results/www.dhtml-menu-builder.com
  • http://sitecheck.sucuri.net/results/buysoftviagra.com
  • http://quttera.com/detailed_report/www.visonictech.com


PHISHING: Four good reasons to become a member (Ruby Palace) www.krubylotclub.com
Casino, Gambling
(PHISHING, SCAM, SPAM)

We at Ruby Palace know what our members value most and always do our best to fulfil their every wish.

This means making sure that we give you an incredible casino experience. Here is a foretaste of the great things that await you when you become a member of Ruby Palace:

1.      A 200% welcome bonus that triples your first deposit.
2.      More than 400 premium casino games
3.      24/7 customer service and fast & easy banking methods
4.      A payout rate of more than 97%

Sign up today to benefit from all these excellent advantages.

http://www.krubylotclub.com/

All the best
Please note that almost all of those mails that include "Ruby" (for example) are connected to gambling sites that want to "steal" your hard-earned money in many different ways. You will ALWAYS lose. Consider going to a "real" casino instead of gambling online, although there, too, the odds of winning more than you lose are low. "Ruby" mails are not only SPAM but also scam, phishing, and downloads of malware (riskware). These domains rarely last more than a month before the name changes again. Ignore and delete those mails and the included links. Otherwise you will be exposed to a potential risk of damaging your PC.

Mail from www.krubylotclub.com

Please note that practically all e-mails whose URL contains the name "Ruby" (example), whether they land in the spam folder or not, are connected with (in part illegal) gambling (online casinos) that are only intent on taking your hard-earned money out of your pocket. If you absolutely want to gamble, it would be more advisable to visit a real casino, although there, too, one usually leaves poorer rather than richer. "Ruby" mails are associated not only with SPAM but also with SCAM, phishing and harmful downloads of malicious software (very often these harmful downloads are placed on the PC without the visitor's knowledge). It is best to avoid these sites; otherwise your PC could be damaged.

DOMAIN:
www.krubylotclub.com
  • https://www.virustotal.com/de/url/e0430bd5da60f34a52b77962ff8db3f58db3de15e0ac81a4ed7bf867e2805077/analysis/1391263051/
unsubscribe.krubylotream.com
  • https://www.virustotal.com/de/url/a318f68f910e57cb8578128b707107060b92ad451f98809bf4f102ed81567733/analysis/1391263054/
------------------------------------

LISTED AT SURBL:
  • http://www.surbl.org/surbl-analysis
SEE ALSO:
  • https://www.mywot.com/en/scorecard/krubylotream.com

1/31/2014

U.S. Cities and Towns:
San Bernardino, CALIFORNIA
(City on the Move)

San Bernardino's colorful history begins in the early years of the 19th century. Spanish missionaries were the first settlers to the region. They chose the fertile valley at the foot of a majestic mountain range as an outpost for other missionaries who traveled throughout the California territory preaching to the various Indian tribes.


Tradition has it that Father Francisco Dumetz made his last trip from Mission San Gabriel to the San Bernardino Valley and on May 20th, 1810, set up an altar in a planned effort to convert the Indians living there. Padre Dumetz named the area "San Bernardino" after Saint Bernardino of Siena, the patron saint of the day on the Catholic Calendar.

In 1819, Mission San Gabriel established Rancho San Bernardino in the area. The main concern of the missionaries was the spiritual welfare of the Indians, but they also took a part in their material well-being, showing their peaceful friends how to bring water down from Mill Creek and the best ways to plant and irrigate crops. As the mission flourished, so did the Indians.

Official City Link: http://sbcity.org/default.asp

The Santa Fe Station and Harvey House in San Bernardino


baliwirama.com
NEWLY DETECTED MALWARE SITE FROM INDONESIA
Infected with: JS/Agent.NKW



MALWARE SITE: JS/Agent.NKW (INDONESIA)
baliwirama.com
  • https://www.virustotal.com/de/url/dbc20c54922fb960055179e0aa8265d0a54b3ece538884d44af3bf19f60f6b64/analysis/1391188710/

INFECTED WITH: JS/Agent.NKW
  • https://www.virustotal.com/de/file/f797dc468d8b6c3bd7f7289da9460634b9760d267efd8a62f160d4d43e66eca4/analysis/1391189355/
  • https://www.virustotal.com/de/file/a242aac8cef9c83b268245fc66798230e4ad477e1c4d124996a8741180d0d411/analysis/1391190176/
  • http://jsunpack.jeek.org/dec/getfile?hash=346e/58b83054013e0939980028cad3726695a957
  • http://app.webinspector.com/public/reports/19817951
  • http://sitecheck.sucuri.net/results/baliwirama.com



IP:
101.50.1.27
  • https://www.virustotal.com/de/url/15c15f75ada5333d59d57b50fca49cd53f32c23f81292942f03a9ed132948ffb/analysis/1391190377/
Bad Host Appearances: 15
  • https://www.projecthoneypot.org/ip_101.50.1.27
  • https://www.virustotal.com/de/ip-address/101.50.1.27/information/

adrfish.com
PHISHING, SCAM, SPAM SITE:
"Recevez de l'argent pour repondre a des email"
("Receive Money for answering E-Mails") (COSTA RICA)

I have discovered a concept so incredible that
you won't believe how simple it is to
make money from the comfort of your home.

Description of your working day:

-You check your e-mails from your computer.
-You automatically receive 49.90 EUR per e-mail.
-You forward the information contained in the Pack

And that's all!

Go now to this page
http://adrfish.com/link.php

Big income possible if you are a hard worker.
Screenshot Phishing Mail


MALICIOUS PHISHING, SCAM, SPAM DOMAIN:
adrfish.com
  • https://www.virustotal.com/de/url/1ba30caae863c2e2161a960bc415e1e24f396d623337aa2e295a650ea604333f/analysis/1391182156/
LISTED AT SPAMHAUS:
  • http://www.spamhaus.org/query/domain/adrfish.com
LISTED AT SURBL:
  • http://www.surbl.org/surbl-analysis
SEE ALSO:
  • https://www.mywot.com/en/scorecard/adrfish.com
  • http://www.urlvoid.com/scan/adrfish.com/
IP:
181.174.168.10
  • https://www.virustotal.com/de/url/2040501af8a661b329843b3c3791d3a622243dc219a5a5a906b8de52d4539968/analysis/1391184275/
IP LISTED AT SPAMHAUS:
  • http://www.spamhaus.org/query/bl?ip=181.174.168.10





www.evensi.com
PHISHING DOMAIN for Facebook data (ITALY)

PHISHING DOMAIN:

www.evensi.com
  • https://www.virustotal.com/de/url/7cf7ebcbf5bca37ad35d9e4a834aaececb7c63124cc899f41a452ca8b1aaa70f/analysis/1391182438/

IP:
149.3.145.97 
  • https://www.virustotal.com/de/url/3eea87e1338e148f193adbe50f76cd36a0fbefea6fc8b7282055d7b5c3d2b992/analysis/1391183069/

  • https://www.virustotal.com/de/ip-address/149.3.145.97/information/


Fwd/Rev DNS Match: NO

  • http://www.senderbase.org/lookup/?search_string=149.3.145.97



1/30/2014

U.S. Cities and Towns:
The Town Of Fort White, FLORIDA
(Home Of The Ichetucknee River)

The Town of Fort White, named for a former Second Seminole War fort built nearby in 1837, was founded in 1870 and flourished briefly after the arrival of the railroad in 1888.


Phosphate mining and the growing of citrus and cotton sparked a boom that before 1900 made Fort White the second largest city in Columbia County with a population of nearly 2,000. The boom collapsed when severe freezes in the winter of 1896-1897 destroyed the local citrus industry.

Phosphate mining ceased by 1910, and the boll weevil ended cotton farming before World War I.

A handful of historic buildings, such as the Old Fort White School (1915), remain from the town's era of prosperity.

Official Town Link:  http://townoffortwhitefl.com/



MARYLAND Online Child Predators 1995 - 2012:
Matthew David Sluss sentenced to 33 years in prison (Guildsolutions)

Matthew David Sluss aka "guildsolutions" had a time in his life when he never thought he could be gay, until he ventured into the World Wide Web and knew for sure that he was (gay): when he received a picture of a 14-year-old boy, right there he was obsessed. He went on collecting these kinds of photographs, encrypting his computer so that he would never be found. Disastrously for him, he was negligent in his handling of login information, so finally his pictures were caught.

Matthew David Sluss
In 1995, Sluss was charged in Maryland with possession of child pornography. He was shocked to learn that he could get into trouble for possessing old photographs of naked and molested children that he had never had contact with and did not even know. Additionally he was also charged with intent to deliver child pornography as well as fourth-degree sexual assault. Having reached a plea deal with the prosecutors at the time, he received 18 months on probation and was ordered to obtain counseling and stay away from children.

Eric C. Hagen
Later in his life, Sluss moved to the state of Arkansas (possibly to leave behind his shock and his criminal past) and stayed with another like-minded pedophile buddy. His dream of starting a new life with the old behaviour did not turn out the way he thought it would. But at some moment something provided him with the opportunity to befriend some neighborhood children who were being severely neglected, a common pedophile rationalization. Having tried to establish himself as best he could in Arkansas, he decided to return home to his native Maryland. Back home he learned that he was wanted by law enforcement in Arkansas for the sexual abuse of those neighborhood children he had befriended, and he was arrested and put in jail.

Meanwhile, Sluss continued to interact with children, even though it was expressly against the conditions of his Maryland conviction for child pornography. Up to that very day, Sluss continued to interact with children, having taken a trip with at least two of them and another adult pedophile, Eric C. Hagen, aka "Stewedsquirrel" from Aurora, Colorado, in July of 2006, as evidenced by the photo gallery on his former blog (blog.guildsolutions.com; the site is down). It is believed that Sluss and Hagen were roommates in Colorado at the time.

Jim Finn
Matthew Sluss also had another interesting connection to the pedophile world. In addition to the above, he also used to be a friend of a friend of Jim Finn, aka Jimf3. Finn has been arrested for possession of child pornography.

Sluss had been working in the IT profession (he holds an associate's degree in computer science from Allegany College of Maryland) and owned an internet hosting service at www.guildsolutions.com.

Besides the child pornography charges, Sluss had formerly been charged with unlawful possession of a credit card number, being in receipt of a stolen credit card, receipt of a credit card unlawfully, being a fugitive from justice (the Arkansas incident), child abuse by a custodian, battery and theft.

On March 12th, 2012, U.S. District Judge Ellen L. Hollander sentenced Matthew Sluss, age 36, of Rawlings, Maryland, to 33 years in prison followed by lifetime supervised release for advertising child pornography through an Internet file sharing program. The sentence was announced by United States Attorney for the District of Maryland Rod J. Rosenstein.



Ellen L. Hollander
“Two prior convictions for sexually abusing children did not deter Matthew Sluss from using the Internet to contact other pedophiles and produce child pornography, so now he will spend most of his remaining years in federal prison where he will pose no danger to children,” said Rosenstein.

According to his plea agreement, Sluss had previously been convicted of two offenses related to the sexual abuse of two minor boys and was required to register as a sex offender.

Sluss was a prolific user of a publicly available peer-to-peer file sharing network and was involved in the advertising and distribution of child pornography. According to his plea, in 2009, the FBI Philadelphia Division began an undercover investigation into a user of a file sharing program, later identified as Sluss, who was sharing more than 115.000 files.

Rod J. Rosenstein
The FBI browsed through the content of the shared files and observed child pornography images and hundreds of videos with titles indicative of child pornography.

During November and December 2009, the FBI downloaded 108 images and one video that contained visual depictions of minors engaging in sexually explicit conduct. At that time, Sluss was residing in Denver, Colorado, and a search warrant was executed at his home.

Law enforcement seized multiple computers and hard drives from the residence. Sluss advised the agents that he had previously been employed as a network administrator and that he hosted his own mail server and website, so, according to Sluss (this seems like make-believe), all of the data on his computers and hard drives was encrypted to protect the “documents” and prevent anyone without the appropriate password from viewing the files. A forensic review of the computers and hard drives revealed that much of the data was encrypted.

By February 2010, Sluss had moved to his parents’ home in Rawlings, Maryland, and on February 8th, 2010, registered as a sex offender with Maryland’s Sex Offender Registry, as required due to his previous convictions.

In spring and summer 2010, five separate law enforcement officers working in an undercover sting, determined that Sluss was downloading and sharing large amounts of child pornography over a publicly available file sharing program. The FBI’s Baltimore, Buffalo, Miami, and Sacramento Divisions, as well as the Toronto, Canada Police Service, all downloaded child pornography being shared by Sluss over the Internet. Video surveillance was conducted at Sluss’s residence in August and September 2010, during which Sluss was observed sitting at his computer in his bedroom, using the file sharing program and downloading images and videos of child pornography.

On September 15th, 2010, the FBI executed another warrant at the Sluss home. Just prior to the execution of the warrant, Sluss was observed sitting at his computer in his bedroom using the file sharing program. As agents entered the residence, Sluss attempted to block the agents’ entrance at the kitchen door. As the agents began to enter, Sluss ran towards his bedroom (like a little child), where he was stopped by an agent who had entered the residence through Sluss’ bedroom window.

When law enforcement agents viewed Sluss’s computer, it was logged onto the file sharing program, and investigators were able to view the recent chat history between Sluss and his pedophile so-called “friends” on the file sharing program, as well as to access much of the data on Sluss’s various PCs.

One of the computers wired to Sluss’ bedroom was located in the rear of the crawl space under the first floor of the residence. Investigators were able to view and copy most of the data contained on this computer, which revealed over 25.000 files containing images and video of child pornography. One of the computers in Sluss’s bedroom contained multiple encrypted volumes.

According to the plea agreement, the file sharing program used by Sluss contains a “chat” feature that allows the user to communicate with others who use the program either through “private” or “public” chats. A review of Sluss’ computer revealed numerous chats from Sluss using the file sharing program in which he encourages the production, transportation, and distribution of child pornography. Specifically, Sluss encouraged his pedophile “friends” to make videos of boys engaged in sexually explicit activity by webcam, and share those videos with Sluss.

For example, in early September 2010, Sluss posted the following messages:

  • “I don’t want teens... But I’m not giving out the private shares unless I get similar back... preteen...”
  • “And again, im looking for stuff that is very recent. im spending HOURS each day... getting boys to go private for me i want the same.”

SOURCES: 
FBI
http://www.baltimoresun.com/
http://www.thebaynet.com/
http://evil-unveiled.com/
http://usatoday30.usatoday.com/

MALICIOUS IP: 87.106.142.17
PHISHING & SPAM MAIL SERVER - GERMANY


EXAMPLE


MALICIOUS IP (MAIL SERVER): BEING USED FOR PHISHING
87.106.142.17
  • https://www.virustotal.com/de/url/f2897cfdf793e51f81e995aef1a48b3751546f698727e72da60f480f8c8d438a/analysis/1391096503/
HTML
  • https://www.virustotal.com/de/file/777d10257ab159c11dac1feac1a2e2b648af9361ef0da6267247be5e499c638d/analysis/1391096602/
--------------------------------

MAIL EXAMPLES SENT FROM THIS IP:
  • From: "Barclays Bank Plc."<secure@barclays.co.uk>
  • Subject: Multiple login errors on your Barclays Online acco
  • From: "Barclays Bank PLC."<secure@barclays.co.uk>
  • Subject: Barclays important notification!
  • From: "FedEx.com Online Services"<onlineservice@fedex.co
  • Subject: Your fedex.com profile needs to be updated.
  • From: "HSBC Bank Plc."<secure@hsbc.co.uk>
  • Subject: Important security notification!
REFERENCE: https://www.projecthoneypot.org/ip_87.106.142.17

-----------------------------------------
Email Reputation: Poor
  • http://www.senderbase.org/lookup/?search_string=87.106.142.17
 HOSTNAME:
http://s15271957.onlinehome-server.info
  • https://www.virustotal.com/de/url/250c273763076212b3ea9f7ade08d2a2db600797633a6c9acf9180e8494ef6f3/analysis/1391097072/

1/29/2014

Just another Spam from: www.ratgeberplatz.com:
„Exklusives Neujahrs-Angebot: o2 DSL + 50 Euro Willkommensbonus“
(„Exclusive New Years Deal: o2 DSL + 50 Bucks Welcome Bonus“)
Germany

English:


www.ratgeberplatz.com is a spam domain. Just delete those mails. Do not click "unsubscribe newsletter". If you do, they will only register that you have read the mail, and the spamming will get worse! See screenshot.

Just another SPAM SCREENSHOT from ratgeberplatz.com...


For German-speaking readers:


www.ratgeberplatz.com is clearly a spam domain. You can safely delete these mails. Just do not click "unsubscribe newsletter". The only thing that happens afterwards is that you receive even more spam from this domain, because your click has given you away and the domain ratgeberplatz.com now knows that you have read the e-mail! See screenshot.


SpyEye: Aleksandr Andreevich Panin Pleads Guilty to
Developing and Distributing Notorious Malware

In summer last year, Moscow voiced outrage over the arrest of a Russian national in the Dominican Republic and his swift transfer to a US jail without Russia’s consent or knowledge, and deemed Aleksandr Panin’s extradition “unacceptable.” Panin’s friend Anton Pilyugin, who was traveling with him at the time of his arrest, stated: “We don’t even know what he has been accused of. We have no clue about what to expect.” Now, Pilyugin has closure: Aleksandr Panin, also known as “Gribodemon” and “Harderman”, pleaded guilty to developing and distributing the infamous SpyEye malware.

Mean, mean Boy: Aleksandr Panin
With this plea, Panin admitted before United States District Judge Amy Totenberg, on January 28th, 2014, to conspiracy to commit wire and bank fraud for his role as the primary developer and distributor of the malicious software known as “SpyEye,” which, according to industry estimates, has infected more than 1.4 million computers in the United States and abroad.

Sally Quillian Yates
United States Attorney Sally Quillian Yates said: “As several recent and widely reported data breaches have shown, cyber attacks pose a critical threat to our nation’s economic security,” and “Today’s plea is a great leap forward in our campaign against those attacks. Panin was the architect of a pernicious malware known as SpyEye that infected computers worldwide. He commercialized the wholesale theft of financial and personal information. And now he is being held to account for his actions. Cyber criminals be forewarned - you cannot hide in the shadows of the Internet. We will find you and bring you to justice.” (I tend to say: You can run, but you cannot hide)


Mythili Raman
“Given the recent revelations of massive thefts of financial information from large retail stores across the country, Americans do not need to be reminded how devastating it is when cyber criminals surreptitiously install malicious code on computer networks and then siphon away private information from unsuspecting consumers,” said Acting Assistant Attorney General Mythili Raman. “Today, thanks to the tireless work of prosecutors and law enforcement agents, Aleksandr Panin has admitted to his orchestration of this criminal scheme to use SpyEye to invade the privacy of Americans by infecting their computers through a dangerous botnet. As this prosecution shows, cyber criminals - even when they sit on the other side of the world and attempt to hide behind online aliases - are never outside the reach of U.S. law enforcement.”

According to United States Attorney Yates, SpyEye is a sophisticated malicious computer code that is designed to automate the theft of confidential personal and financial information, such as online banking credentials, credit card information, usernames, passwords, PINs, and other personally identifying information. The SpyEye Malware facilitates this theft of information by secretly infecting the victims’ computer, enabling cyber criminals to remotely control the infected computer through command and control (C2C) servers. Once a computer is infected and under control, cyber criminals can remotely access the infected computers, without authorization, and steal victims’ personal and financial information through a variety of techniques, including malicious injections, keystroke logging, and credit card grabbing. The victims’ stolen personal and financial data is then stealthily transmitted to the C2C server, where it is used to steal money from the victims’ financial accounts.

Not Panin's eye...
Panin was the primary developer and distributor of SpyEye. Operating out of Russia, from 2009 to 2011, Panin cooperated with other cybercriminals, including co-defendant Hamza Bendelladj, an Algerian national also known as “Bx1,” to develop, market, and sell various versions of the SpyEye Trojan. Panin allowed cyber criminals to customize their purchases to include tailor-made methods of obtaining victims’ personal and financial information, and he also marketed versions that targeted information about specific financial institutions including banks and credit card companies. Panin advertised the SpyEye virus on invite-only online criminal forums. He sold those versions for prices ranging from 1.000 to 8.500 USD. Panin is believed to have sold the malware package to at least 150 “clients” who, in turn, used it to set up their own C2C servers. One of Panin’s clients, “Soldier”, is reported to have made over 3.2 million dollars in a six-month period.


As you can see on the pictures, Hamza Bendelladj seems to enjoy the attention he received after his arrest in Thailand.

SpyEye was the dominant malware toolkit in use from approximately 2009 to 2011. Based on information received from the financial services industry, more than 10.000 bank accounts have been compromised by SpyEye infections in 2013 alone. Some cyber criminals continue to use SpyEye today, although its effectiveness has been limited since anti-virus vendors added SpyEye to their AV programs.

In February 2011, pursuant to a federal search warrant, the FBI searched and seized a SpyEye C2C server allegedly operated by Bendelladj in the Northern District of Georgia, which controlled more than 200 computers infected with SpyEye and contained information from numerous financial institutions.

In June and July 2011, FBI covert sources communicated directly with Panin, who was using his online nicknames Gribodemon and Harderman, about the SpyEye virus. FBI sources then purchased a version of SpyEye from Panin that contained features designed to steal confidential financial information, initiate fraudulent online banking transactions, install keystroke loggers, and initiate distributed denial of service (DDoS) attacks from computers infected with the SpyEye malware.


On December 20, 2011, a Northern District of Georgia grand jury returned a 23-count indictment against Panin, who had yet to be fully identified, and Bendelladj.

The indictment charged one count of conspiracy to commit wire and bank fraud, 10 counts of wire fraud, one count of conspiracy to commit computer fraud, and 11 counts of computer fraud. A superseding indictment was subsequently returned after Panin had been identified by his true name.

Bendelladj was apprehended at Suvarnabhumi Airport in Bangkok, Thailand, on January 5th, 2013, while he was in transit from Malaysia to Algeria. "The smiling Hacker" was extradited from Thailand to the United States on May 2nd, 2013. His charges are currently pending.

The investigation also has led to the arrests by international authorities of four of Panin’s SpyEye clients and associates in the United Kingdom and Bulgaria.

Sentencing for Panin is scheduled for April 29th, 2014.


MALICIOUS PHISHERS:
learnhacker.com & www.microhacking.com

DOMAIN:
learnhacker.com
  • https://www.virustotal.com/de/url/1a6b2b1f7323042e2682540eed0352abf70c6d39a2ae221363cd3d73a81cba2a/analysis/1390951492/
SPECIFIC LINK:
learnhacker.com/go/1
  • https://www.virustotal.com/de/url/02e782f1978762845c94af7bf4f0d181aa9d09df0e3714c78dc96c750c336f8e/analysis/1390981128/
AS WELL AS:
www.microhacking.com
  • https://www.virustotal.com/de/url/a54b34b146ad5ab94fea479f2b164a253af0627b9323e612ba186aa4bd960094/analysis/1390981694/
  • https://www.mywot.com/en/scorecard/microhacking.com
  • http://hosts-file.net/?s=microhacking.com
  • http://www.urlvoid.com/scan/microhacking.com/

Facebook KILLER (USER) of the Day:
Pinal County Sheriff's Office(r) kills Manuel Longoria


Say Hello to

Pinal County Sheriff's Office

@: https://www.facebook.com/pages/Pinal-County-Sheriffs-Office/151161388286780?fref=ts
OR: https://www.facebook.com/pages/Pinal-County-Sheriffs-Office/
Police in Pinal County, Arizona, claimed that the shooting death of a suspected car thief two weeks ago came after the man had turned to reach for a weapon. But video surfaced this week from a bystander, showing that the suspect had turned his back to officers, with his hands held high in the air.

Manuel Longoria, of Mesa, led police on a 40-minute chase in Eloy, and only stopped after sheriff’s deputies crippled the stolen Toyota Corolla with a tire-popping device. Witnesses said that Longoria told police after he got out of the car, surrounded, that he wouldn’t be taken alive. Police fired Tasers and beanbags at him before he turned around.

The video shows him with his hands above his head. One second later, a sheriff’s deputy fired two shots into him, killing him.

Investigators found no weapon.

The Pinal County Sheriff’s Office said it investigated the shooting and found the officer’s use of lethal force justified.

The shooter returned to duty a week later.

See the Video HERE: http://www.liveleak.com/view?i=c1b_1390766144

1/28/2014

SECURITY UPDATE: Google Releases Google Chrome Update 32.0.1700.102

Google has released Google Chrome 32.0.1700.102 for Windows, Mac, Linux and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial of service or bypass intended security restrictions. Follow the Link for Update:


Stable Channel Update

Chrome has been updated to 32.0.1700.102 for Windows, Mac, Linux and Chrome Frame.

This update has fixes for the following issues:
  • Mouse pointer disappears after exiting full-screen mode. (317496)
  • Drag and drop of files into Chrome may not work properly. (332579)
  • QuickTime plugin crashes in Chrome. (308466)
  • Chrome becomes unresponsive. (335248)
  • Trackpad users may not be able to scroll horizontally. (332797)
  • Scrolling does not work in combo box. (334454)
  • Chrome does not work with all CSS minifiers, such as whitespace around a media query's `and` keyword. (333035)
Security Fixes and Rewards
This update includes 14 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.

[$1000][330420] High CVE-2013-6649: Use-after-free in SVG images. Credit to Atte Kettunen of OUSPG.
[$3000][331444] High CVE-2013-6650: Memory corruption in V8. This issue was fixed in v8 version 3.22.24.16. Credit to Christian Holler.

We would also like to thank cloudfuzzer and miaubiz for working with us during the development cycle to prevent security bugs from ever reaching the stable channel. $6000 in additional rewards were issued.

Many of the above bugs were detected using AddressSanitizer.

A partial list of changes is available in the SVN log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

SPAM:
www.globalcitybusiness.com (LISTED AT DBL SPAMHAUS) &
www.streamlife.de (GERMANY)

This newsletter is not SPAM. You are receiving it because you
agreed to receive the newsletter when you registered with us
or on our partner site.

The offers are advertisements of the respective advertisers, who are responsible for their content. If you have questions about the content, please contact the provider and not Adress Butler Ltd., since it is solely the technical sender of this message!
Please do not reply directly to this e-mail, as replies cannot be delivered.

The technical sender of this e-mail is AdressButler Ltd,
Karl-Heinz-Beckurts-Str. 13, 52428 Jülich
Of course you may object to the use of your data at any time. If you do not wish to receive further information,
please click here to unsubscribe.
http://www.globalcitybusiness.com/unsubscribe.php

POTENTIALLY MALICIOUS SPAM DOMAIN(s): 
SCAM, PHISHING ETC. (LISTED AT SPAMHAUS)
www.globalcitybusiness.com
  • https://www.virustotal.com/de/url/111618ab5b6305880338fff2038a6dbdd5007efe2b7ae7886a91a25fb04cc1d9/analysis/1390927191/
www.globalcitybusiness.com/link.php
  • https://www.virustotal.com/de/url/352dbbd057b010a71041a76563b676358c7b98297fba1fda87b24f0386bb7b24/analysis/1390927504/
  • https://www.virustotal.com/de/file/23d32b79f3e71e41c2eb3d8811f58f72a2b6b5eb04c0981f16f61ab009945054/analysis/1386786113/
www.globalcitybusiness.com/open.php
  • https://www.virustotal.com/de/url/7a7a15b5d7f022340d21f099685c49ea8ff4f291b190d7ecb5cdd6417c8fa46d/analysis/1390927570/
  • https://www.virustotal.com/de/file/dd5bdccb831d1b19c505bd3e67553f6049cea2e20dba7eb231a02ed0103e521f/analysis/1390580473/
www.globalcitybusiness.com/unsubscribe.php
  • https://www.virustotal.com/de/url/a52381179dbe95f686a83ef039f938f62d3ddd1ac90c0898d1ed898f4cbf3745/analysis/1390927632/
  • https://www.virustotal.com/de/file/baefeec3f91b70b39b03c556d29dd1ad4eff87fe7bb0ba91fc3b774e70089281/analysis/1386768007/
  • http://www.urlvoid.com/scan/globalcitybusiness.com/
LISTED AT SPAMHAUS (DBL): 
(and not without reason, given that they state in the e-mail: THIS IS NOT SPAM)
  • http://www.spamhaus.org/query/domain/globalcitybusiness.com
 
E-Mail SS (ScreenShot)

www.streamlife.de
  • https://www.virustotal.com/de/url/87771b9dd41a23e777709022835837a7f32da2b361c54e3f6805bc6a9c554312/analysis/1390934550/
  • https://www.mywot.com/en/scorecard/streamlife.de
  • http://www.urlvoid.com/scan/streamlife.de/

Infected with HEUR:Trojan.Script.Generic:
sailwilmingtonnc.com
(United States)
MALICIOUS SITE:

sailwilmingtonnc.com
  • https://www.virustotal.com/de/url/374c47f4962544df8ad826da507d6c906e3357f872f0f0c73fe1ad319ea2cf68/analysis/1390921189/
sailwilmingtonnc.com/assets/js/scriptaculous.js
  • https://www.virustotal.com/de/url/5277ae8777c338757a58729d3050e023b8c43cf02f09da25ef2f8e11ad70aa8b/analysis/1390921666/

HEUR:Trojan.Script.Generic

  • https://www.virustotal.com/de/file/88d8c123d06ef97454034cd0880cd8156df2d192f7cd7cdfbdb874d999959a7a/analysis/1390921263/
  • http://urlquery.net/report.php?id=9042816

--->

sailwilmingtonnc.com/assets/js/bootstrap.js
  • https://www.virustotal.com/de/url/008503c15d26f5da64724b5c539db1def5c0a249e0a417011b44a38133d68a38/analysis/1390922113/

HEUR:Trojan.Script.Generic

  • https://www.virustotal.com/de/file/82d2b05d91aea1a73744f886f59e8204171d57af8a8e91c4cc8155d62f129849/analysis/1390922254/

--->

sailwilmingtonnc.com/assets/js/lightbox.js
  • https://www.virustotal.com/de/url/487104052ac8e9cd06cce92e30cab66bcecc3765ba25f7a930a57015487189e3/analysis/1390922518/

HEUR:Trojan.Script.Generic

  • https://www.virustotal.com/de/file/91608b2b2de2ff6f86af686ce65acf3dfbe286f5eb05cf82ae72d4ce3280cc5e/analysis/1390922667/

ALSO:

sailwilmingtonnc.com/assets/js/prototype.js
  • https://www.virustotal.com/de/url/2cca00e2996d82a1cc54f6e1307b87f5c109f85695943102ae6eb0830a10530a/analysis/1390922764/

HEUR:Trojan.Script.Generic

  • https://www.virustotal.com/de/file/30e6fdaf834bebd0a830b02fd03ae9e549ebde721fd449f5c952bf5860487744/analysis/1390922891/
sailwilmingtonnc.com/assets/js/smoothscroll.js
  • https://www.virustotal.com/de/url/4fedc0e275c15d5bfba06037d8fe703e39fd742927c358d5018fad32b9df4d7d/analysis/1390923160/

HEUR:Trojan.Script.Generic

  • https://www.virustotal.com/de/file/33d8062e8a04cfb7b2927ad294aba465d7eb11e061b8395dec6c246054385126/analysis/1390923116/
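As an added, defender-side illustration (this is not code from the blog or from VirusTotal, urlquery or any other service linked above), the following Python script turns the indicators listed on this page (the learnhacker.com, microhacking.com and globalcitybusiness.com domains, plus the specific sailwilmingtonnc.com script paths and the learnhacker.com/go/1 link) into a small blocklist and checks web-proxy log lines against it. The log lines are constructed for the example, the squid-like line layout is an assumption, and the function names are my own.

```python
"""Match web-proxy log lines against the domains and paths flagged on this page."""
from urllib.parse import urlsplit

# Indicators copied from the page's listings. Domains match the host and any
# subdomain; (domain, path) pairs mark the specific files the page calls out.
BLOCKED_DOMAINS = {
    "learnhacker.com",
    "microhacking.com",
    "globalcitybusiness.com",
    "sailwilmingtonnc.com",
}
BLOCKED_PATHS = {
    ("sailwilmingtonnc.com", "/assets/js/scriptaculous.js"),
    ("sailwilmingtonnc.com", "/assets/js/bootstrap.js"),
    ("sailwilmingtonnc.com", "/assets/js/lightbox.js"),
    ("sailwilmingtonnc.com", "/assets/js/prototype.js"),
    ("sailwilmingtonnc.com", "/assets/js/smoothscroll.js"),
    ("learnhacker.com", "/go/1"),
}

# Constructed sample log: "<epoch> <client-ip> <method> <url> <status>" (assumed layout).
SAMPLE_LOG = [
    "1390921189 10.0.0.5 GET http://sailwilmingtonnc.com/assets/js/bootstrap.js 200",
    "1390921190 10.0.0.5 GET http://www.sailwilmingtonnc.com/index.html 200",
    "1390921191 10.0.0.7 GET https://example.org/ 200",
    "1390921192 10.0.0.9 GET http://cdn.microhacking.com/x.js 200",
    "1390921193 10.0.0.9 GET http://notmicrohacking.com/ 200",
]


def normalize_host(host):
    """Lower-case the host, drop a trailing dot, a port and a leading 'www.'."""
    host = host.lower().rstrip(".")
    if ":" in host:
        host = host.split(":", 1)[0]
    if host.startswith("www."):
        host = host[4:]
    return host


def registered_match(host):
    """Return the blocked domain that host equals or is a subdomain of, else None.

    The leading dot in the suffix test keeps 'notmicrohacking.com' from matching
    'microhacking.com'.
    """
    for blocked in BLOCKED_DOMAINS:
        if host == blocked or host.endswith("." + blocked):
            return blocked
    return None


def classify_url(url):
    """Return 'path' for a listed file, 'domain' for a listed host, else None."""
    if "://" not in url:
        url = "http://" + url  # page lists some indicators without a scheme
    parts = urlsplit(url)
    host = normalize_host(parts.hostname or "")
    blocked = registered_match(host)
    if blocked is None:
        return None
    if (blocked, parts.path) in BLOCKED_PATHS:
        return "path"
    return "domain"


def scan_proxy_log(lines):
    """Return (client, url, verdict) for every log line that hits an indicator."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line; skip rather than guess
        _ts, client, _method, url = fields[:4]
        verdict = classify_url(url)
        if verdict:
            hits.append((client, url, verdict))
    return hits


if __name__ == "__main__":
    for client, url, verdict in scan_proxy_log(SAMPLE_LOG):
        print(f"{client} requested {url} [{verdict} indicator]")
```

A 'path' hit means a client fetched one of the exact scripts the scans above flagged as HEUR:Trojan.Script.Generic; a 'domain' hit only says the client touched a flagged host and deserves a second look, since a legitimate site whose assets were tampered with still serves clean pages alongside the infected ones.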


1/27/2014

Malicious Website:
freeexgfvideos.com (United States)
MALICIOUS WEBSITE:
freeexgfvideos.com
  • https://www.virustotal.com/de/url/928dc3868a9fc3a46e0193fd5a29238648103337fa3214462102fd768fa82ddf/analysis/1390853754/
  • https://www.mywot.com/en/scorecard/freeexgfvideos.com
  • http://zulu.zscaler.com/submission/show/d14ec3d2612839ed8cb652312c43be26-1390853608
REDIRECTS TO:
chaturbate.com
  • https://www.virustotal.com/de/url/80d0f94caf6a4bb8b147075b3f19d7ae93764b5b59b4546d8a991c5e92fc2770/analysis/1390854715/

INFECTED:
tarabiscot.free.fr
HEUR:Trojan.Script.Generic (FRANCE)
tarabiscot.free.fr
  • https://www.virustotal.com/de/url/eee02c8b0bc0f5a7a61b5433db103b962dcfa4e6cb06e9b1512909abcb36a014/analysis/1390833650/

INFECTED WITH: HEUR:Trojan.Script.Generic

  • https://www.virustotal.com/de/file/8051a2477f0a79811fce048efa0c41e224aab909cc87df43d47a615560c8c85c/analysis/1390834277/
  • http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=tarabiscot.free.fr
  • http://zulu.zscaler.com/submission/show/2b5d08d924c965ff3c023d2c4f994e87-1390833696
  • http://jsunpack.jeek.org/?report=2bb5070ae0c68c628d7fe1b2b80ea59f9f0af254
  • http://www.urlvoid.com/scan/tarabiscot.free.fr/
  • http://urlquery.net/report.php?id=9019600

---> REMOTE
www.managementhouse.it/X1eqVXuP.php?id=52441323
  • https://www.virustotal.com/de/url/7b9280a92f0ac026b068e86f2a9ece67c955e3ca43601a593389c5f3f760505a/analysis/1390834619/
  • https://www.virustotal.com/de/file/680c91b576621427e4795f80d603cfb3c536f57b98c45a70a12f80f65bb3c9e6/analysis/1390833815/
--->
sexshopsexy.es/waser.html
  • https://www.virustotal.com/de/url/9d71724af54a74209f495b747c83b5610f41eaaaecb879007e4f6d7b6f2607d2/analysis/1390834924/
  • https://www.virustotal.com/de/file/80218063480d86ddcf2a5bdb3c0e8b67ca5e192a18fa38b74f71b8e7a6949f3c/analysis/1390834708/
--->
dnn506yrbagrg.cloudfront.net/pages/scripts/0018/9762.js?386342
  • https://www.virustotal.com/de/url/1e2666229a04b567448ad4480f2b7b981526aaa8d0a243ca75c40de3c8b47511/analysis/1390835245/

1/26/2014

MALICIOUS SITE: rukiyehayran.com
(PHISHING, MALWARE, SCAM, SEO SPAM)
TURKEY (Rogue Medications - Zymbiotix)
MALICIOUS SITE: PHISHING, MALWARE, SCAM, SEO SPAM (Zymbiotix Cleanse)

"Are you sure you don't want to take advantage of the Garcinia Cambogia offer?

Don't forget - it will only be available for a LIMITED TIME.

Since this offer is so cheap, there is no risk to you. You can also give them away if you'd like. Or give it a shot, and get Garcinia Cambogia.

If you are wondering why this offer is so cheap, the simple answer is because the manufacturer is confident that their products will help you, and that you will continue to use their products, and refer friends and family.

Celebrities like Kim Kardashian and Britney Spears have lost a
significant amount of body fat with just these 2 diet cleanses. The duo
cleanse is clinically proven to flush out all the junk in your body and
melt away body fat without harming your immune system. Keep reading and
you'll find out why we created this report."

DOMAIN:
rukiyehayran.com
  • https://www.virustotal.com/de/url/2f6ab6c39c5b436e410ec66f2f62be5d8f1156c38b48b63c8d5062128605e9f2/analysis/1390758337/

HTML
  • https://www.virustotal.com/de/file/1f1218e4661f525ee1fcd70a043b7c0a3709ab33b39af313ffec819f59e24ffa/analysis/1390751239/


LINK 2
rukiyehayran.com/likeit.php
  • https://www.virustotal.com/de/url/6ebf42c21c420e1b2d377bbd335ed3b3317373a895c8e29566deb40650e4bfe3/analysis/

HTML
  • https://www.virustotal.com/de/file/70c6546a370ccedbdbf101bfd0124adc537fc4cccb7c022a0300071c3f09afcd/analysis/
  • http://jsunpack.jeek.org/dec/getfile?hash=3585/7a7fe26eb28c4a47ccd31474b3944cefef41
  

LINK 3 (SPECIFIC)
rukiyehayran.com/likeit.php?nwqmqztem1151qapb
  • https://www.virustotal.com/de/url/9f589ceabb55b17f43769500f860b201ff60715e36bff0cc6422728b93b92232/analysis/1390758346/

HTML
  • https://www.virustotal.com/de/file/70c6546a370ccedbdbf101bfd0124adc537fc4cccb7c022a0300071c3f09afcd/analysis/

POSSIBLE ORIGINATING IP ADDRESS: 108.166.43.117

Screenshot of E-Mail Scam from rukiyehayran.com