
3/22/2014

MALICIOUS VISITOR (to this BLOG):
HEUR:Trojan.Win32.Generic @ searchandhra.in
IP: 198.27.74.17
CANADA wishes you a good appetite from Montréal


MALWARE (SITE): Generic Trojan
DOMAIN:
http://searchandhra.in/
  • https://www.virustotal.com/de/url/8c8c23a275a908973f8665feed72d975ecd3d23bfcfe94c87703ac981d8d99a7/analysis/1395440619/
MALICIOUS LINK:
http://searchandhra.in/images/logo.gif?108c5=610029
  • https://www.virustotal.com/de/url/a84ec9afdbfdde65c939110db31fd2c53161f307fa1710e4b0fa13a32f437f76/analysis/1395440607/
HEUR:Trojan.Win32.Generic
  • https://www.virustotal.com/de/file/2a04b7d2904945d47c1cdedf914fc07672b57fe7bfd373d5b4948c3e38bdf4fc/analysis/1395417946/
IP:
http://198.27.74.17/
  • https://www.virustotal.com/de/url/9c74a26e9e31f6c581b4c829389eb26fc93d824979e514e2feef4a4859b8d0be/analysis/1395442580/
  • https://www.virustotal.com/de/ip-address/198.27.74.17/information/

3/20/2014

SPYWARE DOMAIN: terra.mastertop100.net
TROJAN REDIRECTOR (Pagesinxt Malicious Redirect)

USA-RUSSIA-CANADA-Virgin-Islands
NORWAY-NETHERLANDS-FRANCE-ITALY


MALICIOUS DOMAIN:
SPYWARE - TROJAN REDIRECTOR 

USA-RUSSIA-CANADA-Virgin-Islands-NORWAY-NETHERLANDS-FRANCE-ITALY
http://terra.mastertop100.net/
  • https://www.virustotal.com/de/url/b99bc9716fa430c1e0417a758ddf03d3eaf1ca33f8619da37756c61e8469e559/analysis/1395328043/
Pagesinxt Malicious Redirect
  • https://urlquery.net/report.php?id=1395328112708
FOR FULL REPORT .txt ICON:

Document hosting: UploadEdit.com

MALICIOUS BLOGVISITOR (Let them come to you...):
rerew.862fd.io.wy5532.com (IP: 142.0.129.33)
INFECTED with Trojan.JS.Agent.btr
(UNITED STATES)

MALWARE FROM A VISITOR TO THIS BLOG:
Trojan.JS.Agent.btr

DOMAIN:
http://rerew.862fd.io.wy5532.com/
  • https://www.virustotal.com/de/url/c965bbb10eb78930d5fbcd280bfb8dd64a17ef0ed1c0ac234aaa1aad08d0fbb9/analysis/1395299385/
Trojan.JS.Agent.btr
  • https://www.virustotal.com/de/file/1ed6b2ce3302f836a1d7436c0728f78c1740becd2a0495eae0dfe6687bc561e3/analysis/1395299055/
--->
http://web.nba1001.net:8888/tj/tongji.js
  • https://www.virustotal.com/de/url/802c247f8749f6a208f1a247dcb9ca3b28f8dfec881fb91e49a1f5e8645f7aa6/analysis/
--->
http://rerew.862fd.io.wy5532.com/index_files/saved_resource.htm
  • https://www.virustotal.com/de/url/def146a6d00c349c3a11c8f6f09daf617e7bd25f37132ff76eb048e2f1ccb1aa/analysis/1395300994/
Trojan.JS.Agent.btr
  • https://www.virustotal.com/de/file/0614baa266f5c87ab675955c546be95ecd817d11c3263223af20d426d365b943/analysis/1394549652/

3/18/2014

Wisconsin ONLINE CHILD PREDATORS 2012:
David Whitworth, 40, of Monroe, arrested and charged
with production and receipt of child pornography via Internet



U.S. Attorney William J. Hochul, Jr. announced on March 15th 2012 that David Whitworth, 40, of Monroe, Wisconsin, was arrested and charged by criminal complaint with production and receipt of child pornography. The charges carry a maximum penalty of life in prison, a fine of 250,000 USD, or both.

Assistant U.S. Attorney Maura K. O’Donnell, who was handling the case, stated that according to the complaint, the defendant posed as a modeling agent online to induce minors in the Western District of New York and elsewhere to produce pornographic images of themselves, which they then forwarded to Whitworth via the Internet.

This case was brought as part of Project Safe Childhood, a nationwide initiative to combat the growing epidemic of child sexual exploitation and abuse launched in May 2006 by the Department of Justice. Led by United States Attorneys’ Offices and the Criminal Division’s Child Exploitation and Obscenity Section (CEOS), Project Safe Childhood marshals federal, state, and local resources to better locate, apprehend, and prosecute individuals who exploit children via the Internet, as well as to identify and rescue victims. For more information about Project Safe Childhood, please visit www.projectsafechildhood.gov.

The charges are the culmination of an investigation on the part of special agents of the Federal Bureau of Investigation, under the direction of Special Agent in Charge Christopher M. Piehota; Officers from the Lancaster Police Department, under the direction of Chief Gerald J. Gill, Jr.; and Officers from the Cheektowaga Police Department, under the direction of Chief David Zack.

The fact that a defendant has been charged with a crime is merely an accusation and the defendant is presumed innocent until and unless proven guilty.

Source: http://www.justice.gov/

Just another Spam, from...
www.ratgeberplatz.com:
„2014 Träume erreichen - Eine schuldenfreie Zukunft“
(„Make your Dreams come true in 2014 - Your Future out of debt“)

from Australia & Germany

English:


www.ratgeberplatz.com is a spam domain. Just delete those mails. Do not click "unsubscribe Newsletter". If you do, they will only register that you have read the mail, and the spamming will become worse! See screenshot.


For German-speaking readers:


www.ratgeberplatz.com is clearly a spam domain. These mails can safely be deleted. Just do not click "Newsletter abbestellen" ("unsubscribe from newsletter"). The only thing that happens afterwards is that you receive even more spam from this domain, because your click has given you away and the domain ratgeberplatz.com now knows that you have read the e-mail! See screenshot.


IN THIS CASE THE ORIGINATING IP ADDRESS IS:
14.02.15.21 (AUSTRALIA)
AS4739 Internode Pty Ltd

  • https://www.virustotal.com/de/url/a60f76f2fa705159fd37cafe947fa4e01681ae42ecc3b80554695bcc238a8fd9/analysis/1395151319/

MALICIOUS BLOGVISITOR: kukutrustnet777.info
GERMANY, PORTUGAL, United States of AMERICA
IP: 74.208.164.166
Network Owner 1&1 Internet
Involved in Illegal Activities

MALICIOUS BLOGVISITOR: W32 SALITY

DOMAIN:
http://kukutrustnet777.info/
  • https://www.virustotal.com/de/url/70f3e502cfb9f161deb3b606b4d4834f9b8eaaa0d7e22643abb245a528bdab26/analysis/1395148434/
SPECIFIC VISITING LINK:
http://kukutrustnet777.info/?177ab=96171
  • https://www.virustotal.com/de/url/de1a0fef4a8468c1503ad39bec362804625dfba783f852223656a3aceee1ff9a/analysis/1395148539/
  • https://urlquery.net/search.php?q=kukutrustnet&type=string&start=2011-06-25&end=2014-03-18&max=50
IP:
http://74.208.164.166/
  • https://www.virustotal.com/de/url/694476a661091a3bacdc0e374b785b127d8eef67592e7231fa202576b79d305a/analysis/1395149571/
Involved in Illegal Activities
  • http://www.senderbase.org/lookup/?search_string=74.208.164.166
  • https://www.virustotal.com/de/ip-address/74.208.164.166/information/
NETWORK OWNER: 1&1 Internet

TROJAN JScripts @ www.fahrradreisen.de
(IP: 82.165.1.172) GERMANY


Malware Domain: TROJAN JS

http://www.fahrradreisen.de/
https://www.virustotal.com/de/url/506a128026ca7a4fb0851122d8fb6a33b28e368b58cd79c0113e32c3f9e92163/analysis/1395078178/
HTML:
https://www.virustotal.com/de/file/324fd828e7ae9d8bf61ae80bda3bbec77ed20f3e1dd8779a0ca592840edc3ff6/analysis/

MALICIOUS SCRIPTS:
1) http://www.fahrradreisen.de/javascript/rrdb/country_region.js
https://www.virustotal.com/de/url/47643eaec0e017e6490e4cd12c5e7c3e5ed396cea92d9525586550c337bb858d/analysis/
TROJAN REDIRECTOR
https://www.virustotal.com/de/file/d000c86205f8d23a4fab1d9e886c707e597562f11b44d60b8835a2a8a5ee346c/analysis/1395078501/
http://jsunpack.jeek.org/?report=27ab2cfdad6ab55928a3c0c3eb62bb78866fd70c

2) http://www.fahrradreisen.de/javascript/jquery/1.4.2/jquery.min.js
https://www.virustotal.com/de/url/a13cf4f915ad4bcf42c4cd950f4142fa85256a4707d81f3898fb09b1fcbf7da2/analysis/1395078501/
JS/Exploit-Blacole.lj
https://www.virustotal.com/de/file/f71239bdb40fa6b4fdd51366dcbbaebde7470967a478f3895a812a190bcc1666/analysis/1395078506/

3/16/2014

PHISHING SITE:
"Observations on film art" www.davidbordwell.net (IP: 70.39.234.97)
PUA.Phishing.Bank (UNITED STATES)

PHISHING SITE: PUA.Phishing.Bank
http://www.davidbordwell.net/blog/index.html
  • https://www.virustotal.com/de/url/2adce51d608b3c939dc1a2c19a9b387aa2e6fe66e750bebf737767133506d85e/analysis/1394996663/
PUA.Phishing.Bank
  • https://www.virustotal.com/de/file/853a64746b075e1b5d0d7b2eb41c605ddfbfbd4c4b03302ccdde31464ee0f44f/analysis/1394996609/
  • http://virusscan.jotti.org/de/scanresult/7be1f7e378ee2d12adabc4bde73a129e28260178
  • http://jsunpack.jeek.org/?report=22adb95eb82f0ea13915cb3bf77dbae3d100e346
IP:
http://70.39.234.97/
  • https://www.virustotal.com/de/url/56d002a4058f32470c9a5e3add7ffcc5143e77faf1d304a975afbfe9c78ab544/analysis/1394998293/
  • https://www.virustotal.com/de/ip-address/70.39.234.97/information/

PHISHING SITE:
"Ihr Versicherungs Info Blog" isore.de (IP: 141.0.23.37)
PUA.Phishing.Bank GERMANY


MALICIOUS DOMAIN: PUA.Phishing.Bank
http://isore.de/
  • https://www.virustotal.com/de/url/cd05f3ccda0c44e076fbef633074dfaf92f162e60532181f6f89c56cfe1fdf2d/analysis/1394969151/
PUA.Phishing.Bank
  • https://www.virustotal.com/de/file/b8d40881840b183b2a270ceea0c4e0832766ff61c0cbee3a5e33f182d55614c5/analysis/1394968898/
  • http://virusscan.jotti.org/de/scanresult/907bdcf1d4ce04602e10f6515090ab131201912a
  • http://jsunpack.jeek.org/?report=e7eb3bb765ed738fe2a1390cdf65014d15d6f2a1
IP:
http://141.0.23.37/
  • https://www.virustotal.com/de/url/5d08ba1be1ae978c9a6f17ffc4998aea90204e76ec77f8e5e2d569e93c9f7ea1/analysis/1394970114/
  • https://www.virustotal.com/de/ip-address/141.0.23.37/information/

Malaysia Airlines Missing Plane:
THIS IS (WAS) A PLANNED (MALICIOUS) DATA ATTACK
(SNOWDEN ? His Knowledge & RUSSIAN Visa is expiring soon.....Time to accomplish for Renewal...??)
to direct something in the way (someone or something) wants it !
But from WHO after the FAR EAST is BURNING ???
Who will be Responsible...

...because do not forget: Spanair Flight 5022...

...and STUXNET !

Per USB (everything) is possible in a simple way. These Days...........!

But what will be the Goal, if it IS ? SNOWDEN ?? RUSSIA ???

WE WILL SEE ! IN NEAR FUTURE. WORLD IS BURNING or....THE BEDS ??

 
 Looks like he will be puking soon... 

SEE THE PLANE CROSSING........the BRIDGE ? Over Troubled Waters ?