
5/02/2014

www.my-lifespan.com
----------------------------------
Spying DOMAIN
(Maxmind geoip check)

IP: 74.220.215.216 from Provo, UTAH


POTENTIALLY MALICIOUS WEBDOMAIN
SPYWARE (Maxmind geoip check)
SUSPICIOUS MEDICATIONS ONLINE ORDER


DOMAIN: http://www.my-lifespan.com/
  • https://www.virustotal.com/de/url/6ca77e2af62f1dda5906d724ab55f617e380a7298a531e54a57b7fac999ca18d/analysis/1399044590/
HTML
  • https://www.virustotal.com/de/file/5784dd2f9da24a1c7dea8a90a7f953d0befced6fe23f684fcadd49abdfd680c5/analysis/1399045056/
---> LINKS TO FOLLOWING Mal. DOMAINS:
http://b.scorecardresearch.com/
  • https://www.virustotal.com/de/url/bc910cfb21a188032f8b808b5f73318ecfc8e9a67fb579a3aea8699a5fe57232/analysis/1399045283/
http://extremetracking.com/
  • https://www.virustotal.com/de/url/0783c2061f219702786615d551d76c21afe676a2c287e7c94ecc54044eb8cc08/analysis/1399045356/
---------------------------
ET POLICY Maxmind geoip check to /app/geoip.js
  • https://urlquery.net/report.php?id=1399044577915
  • https://urlquery.net/report.php?id=1399044573117
  • https://urlquery.net/report.php?id=1399044572505
  • https://urlquery.net/report.php?id=1399044582830
  • https://urlquery.net/report.php?id=1399045795165
---------------------------
IP:
http://74.220.215.216/
  • https://www.virustotal.com/de/url/d60fd473a3e21ced99fef2606307e654d73ab75c71c98e031ac40340afc9e8af/analysis/1399046474/
  • https://www.virustotal.com/de/ip-address/74.220.215.216/information/
BHA: 2
  • https://www.projecthoneypot.org/ip_74.220.215.216
---------------------------

SEE ALSO:
  • http://www.UnmaskParasites.com/security-report/?page=www.my-lifespan.com
 
---------------------------

OTHER SUSPICIOUS LINKS TAGGED WITH MAXMIND FROM THIS DOMAIN:

4/30/2014

Officer Down Memorial Post (10-00):
Christopher A. Upton (37)
killed on March 5th 2010
@ the Oconee National Forest, Georgia, United States

A USDA Forest Service Law Enforcement officer was killed on March 5th, 2010, at the Ocmulgee Bluff Equestrian Recreation Area on the Oconee Ranger District of the Chattahoochee-Oconee National Forest in Jasper County, Georgia.

Christopher Arby Upton, 37, of Monroe, Georgia, was on a routine patrol in the area about 11 p.m., where 2 hunters were hunting coyotes with a high-powered rifle equipped with night vision and apparently mistook the officer for game. After the shooting, the hunters dialed 911 and reported a hunting incident.


“This is a tragic incident where the loss of a federal officer’s life could have been avoided,” said Steven Ruppert, Special Agent-in-Charge for the Southern Region of the Forest Service.

“The standard procedure for a hunter is to identify your target and then shoot,” said Homer Bryson, Law Enforcement Colonel for Georgia Department of Natural Resources (DNR) Wildlife Resources Division (WRD). “The hunter failed to do this, and mistook the officer for game. He then shot and instantly killed the officer.”

The shooter, Norman Clinton Hale, 40, McDonough, Ga., and an observer, Clifford Allen McGouirk, 41, of Jackson, Georgia, were hunting coyotes.

While hunting illegally, Hale discharged his rifle, striking Upton in the face. At the sentencing hearing, the government offered expert evidence that had Mr. Hale taken appropriate action, such as calling for emergency services and applying pressure to Officer Upton’s wound, Officer Upton could have survived.

Instead, Mr. Hale waited one hour and 32 minutes before calling 911 and offered no aid to Officer Upton. Mr. Hale asked the other persons present to just leave and not report the incident. When they refused to do so, Mr. Hale then suggested they get four wheelers and drive them to where Officer Upton was and tell the police that they found Officer Upton’s body in this condition. Hale was sentenced on March 22nd, 2012, before Judge Marc T. Treadwell to 60 months’ imprisonment.

Upton, a four-year veteran of the Forest Service, had previously worked as a game warden for the Department of Defense, U.S. Marine Corps, at Beaufort, South Carolina, and as a conservation officer, game warden and pilot with the Florida Fish and Wildlife Commission. He is survived by his wife, Jessica, and a 4-year-old daughter, Annabelle.

SOURCE(s): http://www.woodsnwater.net/ & http://www.odmp.org/officer/20315-officer-christopher-a-upton

down.360safe.com with Win32/Trojan.Genome:
MALICIOUS DOMAIN FROM CHINA
IP: 180.153.229.17 Shanghai & IP: 220.181.150.209 Beijing




CHINESE (Shanghai & Beijing)
MALWARE DOMAIN: & SUSPICIOUS FILE
DOMAIN + SUBDOMAIN: BLACKLISTED @ MalwareDomainList

http://360safe.com/
  • https://www.virustotal.com/de/url/b3e16d689af0dd0c1c7f91b3bb7d3b1945f8a38b0f944713c0f87244ee2baee0/analysis/
SUBDOMAIN:
http://down.360safe.com/
  • https://www.virustotal.com/de/url/a0ded28ef8f22d505636819bb2b8bba88412c8157ca3ac4723a5a34fe994cb73/analysis/1398878350/
SUSPICIOUS FILE LINK:
http://down.360safe.com/setup.exe
  • https://www.virustotal.com/de/url/659adefa8017920149ed69bc009b0bc8be1ba53a02a589346392cec09cf144f6/analysis/1398878498/
SUSPICIOUS FILE:
  • https://www.virustotal.com/de/file/1f99e9e6e5bb5444a6010219b44837c89aab951c177da702d771e91dcbfc97d2/analysis/
IP(s):
http://180.153.229.17/
  • https://www.virustotal.com/de/url/67118050119382d41608cd53e67db70664b09dcd75fe9ad47994be1228b77e9b/analysis/1398878751/
  • https://www.virustotal.com/de/ip-address/180.153.229.17/information/
http://220.181.150.209/
  • https://www.virustotal.com/de/url/d4968e75e9802ef631320da4bb1c4c5c5766b28fedb5a90160a18ca79f70b2cf/analysis/1398878962/
  • https://www.virustotal.com/de/ip-address/220.181.150.209/information/
SEE ALSO:
  • http://urlquery.net/report.php?id=1398876496772
  • http://quttera.com/detailed_report/down.360safe.com

4/29/2014

aspiderm2m.net
POTENTIALLY MALICIOUS DOMAIN
PUA.PHISHING.BANK or Malware.HTML.Iframe (Paranoid Heuristics)
IP: 66.155.9.238

San Francisco, UNITED STATES



POTENTIALLY MALICIOUS DOMAIN:



PUA.PHISHING.BANK 
OR
Malware.HTML.Iframe (Paranoid Heuristics)
http://www.aspiderm2m.net/
  • https://www.virustotal.com/de/url/1cd0a5ab886c9f5c8c5f77487ab7b3d3de4195c916c27be624ca0d9d8988321b/analysis/1398796394/
---> REDIRECTS TO:
http://aspiderm2m.net/
  • https://www.virustotal.com/de/url/f8a2831d9c9f5f88e68f3f8ab67e88fbf8f8073e928d407561b9134f946652fd/analysis/1398796533/
PUA.PHISHING.BANK OR Malware.HTML.Iframe (Paranoid Heuristics)
  • https://www.virustotal.com/de/file/3f247ec48488c107deed757f8e4ea3c7bf5f7d2d0e48567a75745a69b2e3234e/analysis/1398796207/
  • http://virusscan.jotti.org/de/scanresult/7bd9d4594300b12e875d0bf9bffb8be09d384363

IP:
http://66.155.9.238/
  • https://www.virustotal.com/de/url/1a20d9bd80e3f59756f980204479ead147fa25471de76a18df69cea22ecd66d3/analysis/1398797120/
  • https://www.virustotal.com/de/ip-address/66.155.9.238/information/
BHA: 1
  • https://www.projecthoneypot.org/ip_66.155.9.238
Fwd/Rev DNS Match: NO
  • http://www.senderbase.org/lookup/?search_string=66.155.9.238

Florida ONLINE CHILD PREDATORS 2011:

Joshua Jay Williamson (24) from Jacksonville
sentenced to 5 ½ years in federal prison for
extorting dozens of women on Facebook
and possession of child porn


24-year-old Joshua Jay Williamson received the sentence on the 29th of November, 2012, in Jacksonville. Court documents say Williamson "hacked" into the email and Facebook social networking accounts of dozens of women between February 2011 and June 2011. Using the personal information he gathered, along with suggestive photos he found online, he would then demand that the women send him fully nude and sexually explicit photos. He told them that if they did not comply, he would send provocative pictures to their email and Facebook contacts.



On May 19th, 2011 alone Williamson sent extortionate emails to about 75 women.

He attempted to hide his identity by using several IP addresses and an anonymizer tool (e.g. Ghostsurf), but the Smartass should have known that he can be tracked down by authorities anyway.

Files with photos of personal information for more than 150 women were found on Williamson’s computer; 23 images and 31 videos of child pornography were also uncovered.

Williamson will spend 66 months in federal prison and will then serve 10 years of supervised release. He has also been registered as a sex offender, and his computer hardware was forfeited as well.

Many agencies, including the FBI, the FDLE (Florida Department of Law Enforcement) and the JSO (Jacksonville Sheriff's Office) were involved in the investigation.

SOURCE: http://www.wokv.com/

4/28/2014

CVE-2014-1776:

Microsoft Internet Explorer Use-After-Free Vulnerability
Being Actively Exploited
Vulnerability Note VU#222929

US-CERT is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer. This vulnerability affects IE versions 6 through 11 and could lead to the complete compromise of an affected system.


US-CERT recommends that users and administrators enable Microsoft EMET where possible and consider employing an alternative web browser until an official update is available.

For more details, please see:

http://www.kb.cert.org/vuls/id/222929

https://www.us-cert.gov/ncas/current-activity/2014/04/28/Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-Being

PUA.JS.Obfus-7 @ pro-hackerz.blogspot.com
recently detected as a Potentially Malicious Blogspot
with a likely damaging Heap Spray Attempt



MALICIOUS & MALWARE BLOG:
http://pro-hackerz.blogspot.com/

  • https://www.virustotal.com/de/url/df11cd4c7eb26602db65645887663070ac8f682a8206ff185e76347e3f82917d/analysis/1398709316/

PUA.JS.Obfus-7

  • https://www.virustotal.com/de/file/60956bff3cc0bdb608beb77417d96c1a46ec531e9537504de4d27cc30e98c707/analysis/1398709404/
Likely Malicious Heap Spray Attempt
  • https://urlquery.net/report.php?id=1398709408204
  • https://urlquery.net/report.php?id=1398709393557
  • https://urlquery.net/report.php?id=1398709407940

SEE ALSO:
  • http://quttera.com/detailed_report/pro-hackerz.blogspot.com
SOME CODE :

186.94.81.128
Category MALICIOUS IP
Palos Grandes, VENEZUELA
Spamhaus listed (PBL)



IP:
http://186.94.81.128/
  • https://www.virustotal.com/de/url/347ec8b05932a64cc5e39ad8df105c962ea48fa2bb24660cff0570b815c3b04b/analysis/1398683475/
LISTED AT SPAMHAUS (PBL 915113):
  • http://www.spamhaus.org/query/bl?ip=186.94.81.128
  • http://www.spamhaus.org/pbl/query/PBL915113
LISTED AT TORNEVALL:
  • http://dnsbl.tornevall.org  
See as well:
  • http://www.stopforumspam.com/ipcheck/186.94.81.128
E-MAIL REP: POOR
  • http://www.senderbase.org/lookup/?search_string=186.94.81.128 


4/27/2014

SPAM - SCAM - PHISHING MAIL from:
www.redcappi.com & b-unitd.com
LANSING, MICHIGAN, United States

"Re: Ihre Bestellung"
rechtsanwalt.maiers@gmail.com



First take a look at this post, also from redcappi.com

http://stayaway2.blogspot.com/2014/04/zdf-eiltachtungschockierende-meldung.html

Latest Redcappi Mail Screenshot

ATTENTION! Special newsletter!

You have not placed an order with us, but like 97.2% of our readers you will do so after this mail!



Touching story moves the host of "Raus aus den Schulden" to tears!



Unemployed and more than 130,000 euros in debt

This man changed his life and earns up to 263.69 euros a day with this system!

Soon from heavy debt to wealth? RTL2 tested it live on TV



The hosts were amazed! You can do it too! And absolutely FREE OF CHARGE!

But there is a catch! This patent is unfortunately strictly limited.

Because the patent holder has sold this system to a US bank!



Only those who register in time may use the system free of charge for life!



Quickly watch the video that will change your life!


CLICK HERE FOR THE VIDEO 

If the link does not work, please copy the domain into your browser:
http://b-unitd.com/9uw 
----------------------------------------------------------------------------------------------------------------------------------------------
http://www.redcappi.com/
  • https://www.virustotal.com/de/url/67dc853cd6c065dae93edf295021f261c0c3a2b181cdd28f6780119554a3cfca/analysis/1398617170/

http://b-unitd.com/9uw
  • https://www.virustotal.com/de/url/3ac985b1b94ecb91cfe388eea0255b6e5f053b72f4648f5f990c9806fbcd9fc2/analysis/

URL after redirects
http://www.projekt95pro.com/?campaign=6739&ft=1&p=jsbfaeyJhIjoiMTAwODg4IiwiYyI6IjEzOTg2MTczMjU0OTgzNzE1MzUiLCJ4IjoicmVkY2FwcGkzMS4wMy4xNC1BZHJlc3NidXRsZXIifQ==
  • https://www.virustotal.com/de/url/6982efa0dcb5cb5914627017685691708d026cca3f3f4430ddf00e8d8a38d5fc/analysis/


OTHER PARTICULAR LINKS in THE EMAIL HEADER:

  • http://www.redcappi.com/c/38111/MxgRyfrW5uDADAONCsv15qiM89vMbzudmiJWDSKFgW

  • http://www.redcappi.com/newsletter/unsubscribe_mail/unsubscribe/338111/MxgRyfrW5uDADAONCsv15qiM89vMbzudmiJWDSKFgW

  • http://www.redcappi.com/newsletter/clickrate/create/38111/MxgRyfrW5uDADAONCsv15qiM89vMbzudmiJWDSKFgW/1

  • http://www.redcappi.com/newsletter/clickrate/create/38111/MxgRyfrW5uDADAONCsv15qiM89vMbzudmiJWDSKFgW/2

  • http://www.redcappi.com/newsletter/clickrate/create/38111/MxgRyfrW5uDADAONCsv15qiM89vMbzudmiJWDSKFgW/3

  • http://www.redcappi.com/newsletter/powered_by_redcappi/index/38111/MxgRyfrW5uDADAONCsv15qiM89vMbzudmiJWDSKFgW

  • http://www.redcappi.com/webappassets/images-front/thanks-logo.png

  • http://www.redcappi.com/newsletter/unsubscribe_mail/unsubscribe/38111/MxgRyfrW5uDADAONCsv15qiM89vMbzudmiJWDSKFgW

  • http://www.redcappi.com/newsletter/forward_to_friend/index/38111/MxgRyfrW5uDADAONCsv15qiM89vMbzudmiJWDSKFgW

  • http://www.redcappi.com/newsletter/unsubscribe_mail/read/38111/MxgRyfrW5uDADAONCsv15qiM89vMbzudmiJWDSKFgW

ORIGINATING IP(s):
http://14.3.31.13/ (JAPAN)
  • https://www.virustotal.com/de/url/666d6c71daa4949cdf56903f33548099340d2ca4d3ba2cb056a4328820b498c4/analysis/1398618595/
http://50.28.15.48/ (Lansing, MICHIGAN)
  • https://www.virustotal.com/de/url/9608502cf9ac7e4340127003a8b89f7570d61229ce1b67f641f5ff893bba974b/analysis/1398618787/
SPAM MAILSERVER FROM MICHIGAN:

MAILS SENT FROM IP: 144
  • https://www.projecthoneypot.org/ip_50.28.15.48

What is Snowshoe Spamming?

Snowshoe spamming is a spamming procedure in which the spammer (mostly a spambot) uses a wide range of IP addresses in order to spread out the prepared spam load. The large spread of IP addresses makes it difficult to identify and trap the spam at its origin, allowing at least some of it to reach email inboxes. For companies which specialize in trapping spam, snowshoe spamming is particularly harmful, because it is difficult to trap with traditional spam filters.


Like a snowshoe spreads the load of a traveler across a wide area of snow, snowshoe spamming is a technique used by spammers to spread spam output across many IPs and domains, in order to dilute reputation metrics and evade filters. Snowshoes are designed to spread a large weight across a wide area so that the wearer does not break through crusts of snow and ice; snowshoe spam distributes a broad load of spam across a varied array of IP addresses in much the same way.

IP addresses in the United States were responsible for almost 27% of snowshoe campaigns

Like all spammers, snowshoe spammers anticipate that some of their unwanted emails will be trapped by spam filters. Snowshoe spamming gives more email a chance at getting through to an inbox, where it can reach a computer user.

Setting up a snowshoe spamming operation requires some resources and knowledge, as the spammer must have access to an array of IP addresses. Snowshoe spammers typically use an assortment of domains, which may be linked to different servers and providers to further spread the spam load. In a sampling of emails sent by a snowshoe spammer, repeating IP addresses are fairly rare, which means that filters must focus on the content, rather than the sender, to trap spam.

Legitimate providers of email services use a very narrow range of IP addresses for sending email. This is generally viewed as a mark of integrity, as is the use of clear disclosure about who owns the originating domain. By contrast, snowshoe spamming often involves domains which are hidden behind layers of anonymity, making it difficult to track down the owner and report abuse. Especially in nations with anti-spam legislation, tracking down the parties responsible for spam, spyware, and other malicious activities can be extremely difficult, because perpetrators are good at covering their tracks.

Several anti-spam attempts have focused on targeting specific domain registrars and hosts. Certain registrars are infamous for harboring spammers, and by identifying large numbers of spam sites in their client lists, anti-spam advocates hope to take down those sites or humiliate the registrar into tightening its terms of service. Snowshoe spamming sometimes exposes a systemic problem with a particular host, as anti-spam advocates realize that large amounts of spam originate from domains managed by the same company.

Snowshoe spam accounted for all but about 5% of spam from the U.S. top 10
Snowshoers use many fictitious business names (DBA - Doing Business As), fake names and identities, and frequently changing postal dropboxes and voicemail drops. Conversely, legitimate mailers try hard to build brand reputation based on a real business address, a known domain and a small, permanent, well-identified range of sending IPs. Snowshoers often use anonymized or unidentifiable whois records, whereas legitimate senders are proud to provide their bona fide identity.

Some snowshoers use tunneled connections from their back-end spam cannon to the spam egress IP. The back-end IP address is not in the spam headers. ISPs, you are in a position to detect those back-end spam cannons by checking where traffic flows are coming from. Remember, the tunneled connection is not necessarily on port 25. Spamhaus always appreciates such information.

http://www.spamhaus.org/faq/section/Glossary#233
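
Because repeating sender IPs are rare in a snowshoe run, a filter has to group mail by content and then look at how widely each group is spread. The sketch below is an added example, not code from Spamhaus or from this blog; the thresholds, the log tuple layout, the `.example` domains and the documentation-range IPs are all constructed assumptions, and a production filter would use fuzzy hashing rather than an exact hash of the normalised body.

```python
import hashlib
import ipaddress
import re
from collections import defaultdict


def content_fingerprint(body):
    """Hash a message body after removing the parts a spammer varies per message."""
    text = body.lower()
    text = re.sub(r"https?://\S+", "<url>", text)  # tracking links differ per sender
    text = re.sub(r"\d+", "<n>", text)             # counters, amounts, recipient ids
    text = re.sub(r"\s+", " ", text).strip()
    return hashlib.sha256(text.encode("utf-8")).hexdigest()[:16]


def sender_network(ip):
    """Collapse an address to its /24 (IPv4) or /48 (IPv6) to count distinct networks."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def find_snowshoe_campaigns(messages, min_ips=5, min_nets=3, max_per_ip=3.0):
    """Return content groups sent from many IPs and networks at low volume per IP.

    messages: iterable of (sender_ip, sender_domain, body) tuples.
    The three thresholds are illustrative assumptions, not published values.
    """
    groups = defaultdict(list)
    for ip, domain, body in messages:
        groups[content_fingerprint(body)].append((ip, domain))

    findings = []
    for fingerprint, senders in groups.items():
        ips = {ip for ip, _ in senders}
        nets = {sender_network(ip) for ip in ips}
        domains = {domain for _, domain in senders}
        per_ip = len(senders) / len(ips)
        # A legitimate bulk sender shows the opposite shape: few IPs, high volume each.
        if len(ips) >= min_ips and len(nets) >= min_nets and per_ip <= max_per_ip:
            findings.append({
                "fingerprint": fingerprint,
                "messages": len(senders),
                "distinct_ips": len(ips),
                "distinct_nets": len(nets),
                "distinct_domains": len(domains),
                "avg_per_ip": per_ip,
            })
    return sorted(findings, key=lambda f: f["distinct_ips"], reverse=True)


# Constructed sample senders (RFC 5737 documentation ranges, reserved .example TLD).
SNOWSHOE_SENDERS = [
    ("192.0.2.10", "offer-a.example"), ("192.0.2.77", "offer-b.example"),
    ("198.51.100.5", "deal-c.example"), ("198.51.100.140", "deal-d.example"),
    ("203.0.113.9", "win-e.example"), ("203.0.113.201", "win-f.example"),
]


def build_sample_log():
    """Constructed log: one snowshoe-shaped run plus one ordinary newsletter."""
    log = []
    for i, (ip, domain) in enumerate(SNOWSHOE_SENDERS):
        body = f"Limited offer {i}! Watch the video: http://{domain}/v/{1000 + i}"
        log.append((ip, domain, body))
    for issue in range(8):
        body = f"Weekly digest for subscribers. Unsubscribe: http://news.example/u/{issue}"
        log.append(("198.51.100.25", "news.example", body))
    return log


if __name__ == "__main__":
    for finding in find_snowshoe_campaigns(build_sample_log()):
        print(finding)
```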

Maryland's ONLINE CHILD PREDATORS 2011/2012:
Roger Allen Repp, III, age 45,
Sentenced to 25 Years in Prison for Sexually Exploiting a Minor
to Produce Child Pornography

U.S. District Judge Catherine C. Blake sentenced Roger Allen Repp, III, age 45, formerly of Hagerstown, Maryland, on September 6th, 2012, to 25 years in prison, followed by supervised release for life, for sexually exploiting a minor to produce child pornography. Judge Blake also ordered that upon Repp’s release from prison he must register as a sex offender in the place where he resides, where he is an employee, and where he is a student, under the Sex Offender Registration and Notification Act (SORNA).

The sentence was announced by United States Attorney for the District of Maryland Rod J. Rosenstein; Acting Special Agent in Charge Timothy P. Groh of the Federal Bureau of Investigation; Colonel Marcus L. Brown, Superintendent of the Maryland State Police; and Washington County State’s Attorney Charles P. Strong, Jr.

According to Repp’s plea agreement, Repp produced sexually explicit and lascivious photographs of a teenage girl under the age of 16 via a pinhole camera he set up in the girl’s bedroom and bathroom, without her knowledge. Repp admitted that he distributed those images to other pedophiles via a file sharing program over the Internet, in return for other child pornography being sent to him. Repp’s conduct was discovered during an undercover investigation of file sharing activities on the Internet, when on March 11th and March 16th, 2011, respectively, two separate undercover investigators downloaded images and videos of child pornography from Repp’s collection via a file sharing program.

As a result of the undercover investigation, a search warrant was executed at Repp’s residence on April 22nd, 2011, by members of the Maryland State Police Computer Crimes Unit. Law enforcement seized two laptop computers, an external hard drive, and digital media. A subsequent forensic examination of the external hard drive revealed numerous files of child pornography, including 125 video files depicting the victim that were surreptitiously filmed by Repp. There were also several chat logs between Repp and others where he offered to share files of the victim and chats where Repp is looking for other individuals to share files with him.

SOURCE: http://www.examiner.com