Showing posts with label Category MALICIOUS DOMAIN.

6/07/2014

MALICIOUS UKRAINIAN BLOG VISITOR TO THIS SITE:
Domain: www.trustcombat.com
IP: 193.169.86.16
Both listed at SPAMHAUS (CBL & DBL)
Darkmailer, DirectMailer, r57shell



MALICIOUS UKRAINIAN BLOG VISITOR
DOMAIN:
http://www.trustcombat.com/
  • https://www.virustotal.com/de/url/2cf65d9d85697456c083934f86a3ff2ebe33957bdeb4a46bfcfade3757943dba/analysis/1402156166/
  • https://www.virustotal.com/de/file/7c480e29f808effb1f06aa2dfd0a97a3192fc649293ecb39679716f16c000a1a/analysis/1402155972/
SPECIFIC VISITING LINK:
http://www.trustcombat.com/faq.htm
  • https://www.virustotal.com/de/url/f82e2bab033491836777d7b66c735884473f12a8f2bc05cb94994411ab0729cc/analysis/
  • https://www.virustotal.com/de/file/dac8b8d3f068796c7eda0e4fc1e529c151fc069f0788ac2992f166f47a47b944/analysis/1402155861/
LISTED AT SPAMHAUS (DBL):
  • http://www.spamhaus.org/query/domain/trustcombat.com
SEE ALSO:
  • http://zulu.zscaler.com/submission/show/3c2cb0b556a921a810249fdbc9203e5a-1402155759
  • https://www.mywot.com/en/scorecard/trustcombat.com
ALSO:
Nginx server software outdated (vulnerable).
IP:
http://193.169.86.16/
  • https://www.virustotal.com/de/url/71b23f991cac80f7ca367f2d91c835c62b6b6bdb1e15965813640c1172e91429/analysis/1402157283/
  • https://www.virustotal.com/de/file/2c16cd2a73dd803fda6f64ad50e507d0d6e72474036008c13e01bbd188f22a75/analysis/1402157590/
  • https://www.virustotal.com/de/ip-address/193.169.86.16/information/

The IP address 193.169.86.16 (IP location: Ukraine) is listed in the CBL (Composite Blocking List). It appears to be infected with a spam-sending trojan, proxy and/or some other form of botnet. It was last detected at 2014-06-06 07:00 GMT (+/- 30 minutes), approximately 1 day, 9 hours, 29 minutes ago.

It has been relisted following a previous removal at 2014-06-01 06:17 GMT (6 days, 10 hours, 21 minutes ago).

This IP is sending email in such a way as to indicate that it is, or is NATting for, a web server that is infected with a spam-sending script, like Darkmailer, DirectMailer, r57shell, or some analogous Perl, PHP or CGI script.

IP LISTED AT SPAMHAUS (CBL):
  • http://www.spamhaus.org/query/bl?ip=193.169.86.16
  • http://cbl.abuseat.org/lookup.cgi?ip=193.169.86.16
EMAIL REP: POOR
  • http://www.senderbase.org/lookup/?search_string=193.169.86.16

5/21/2014

Snowshoe Spam & PHISHING from
hintcontrol.com

"Recevez vos 2222Eur de B0nus" ("Receive your 2222 Euro bonus")
Hamilton, CANADA IP: 68.66.63.47 (Listed at SPAMHAUS)


(Mail body, translated from French:)

Receive your 2222€ welcome bonus now!

On top of that, we offer special free bonuses.

Here is how to receive your 2222€:

• Open an account

• Go to the live chat by clicking here and enter the following code: 2222

• Select a game you would like to play from the available options

• You have 48 hours to claim the bonus

Contact us to claim your 2222€.

Our friendly support team is available 24/7.

Be quick - this offer is valid for a limited time!

Regards,
John F.

MAIL SCREENSHOT
 --------------------------------------------------------------------------------------------------------------------------------------------

PHISHING, SPAM & SCAM DOMAIN:
http://hintcontrol.com/
  • https://www.virustotal.com/de/url/d08035f592b89fcc08f095f6223461b8398777c25df0021def4233588d6d0577/analysis/1400676550/
OTHER LINKS IN THE MAIL:
http://hintcontrol.com/link.php
  • https://www.virustotal.com/de/url/a4e0ade9db3e028e094bf4969ce3b7cb80783d9d3f6ecf1478f780aae2dc235c/analysis/1400676704/
  • https://www.virustotal.com/de/file/22fc373d3b3ab36009613adfd7bb60f7135a4f510aa31808856e721dd5799d0c/analysis/1391621840/
http://hintcontrol.com/open.php
  • https://www.virustotal.com/de/url/7da87cb951f0d660fc77ec4729444510a0306b278147b9baeef07553f0b39f58/analysis/1400676746/
  • https://www.virustotal.com/de/file/dd5bdccb831d1b19c505bd3e67553f6049cea2e20dba7eb231a02ed0103e521f/analysis/1400396318/
http://hintcontrol.com/unsubscribe.php
  • https://www.virustotal.com/de/url/4b68e4d1860ce9b98bbf19294b988dede6aa7c34ef59a64241698795940def92/analysis/1400676787/
  • https://www.virustotal.com/de/file/fb18ec2dc45858efd8a69d17873eb1a92801a4af8e6b6a44b03e9e7a69d11ffd/analysis/1391621799/
BLACKLISTS:
  • http://www.spamhaus.org/query/domain/hintcontrol.com
  • https://www.mywot.com/en/scorecard/hintcontrol.com
  • http://www.surbl.org/lists
  • http://zulu.zscaler.com/submission/show/4e639b2311aa3e474bcb1eba327a1e3a-1400676384
DOMAIN IP (AT TIME OF ANALYSIS):
http://68.66.63.47/
  • https://www.virustotal.com/de/url/fc053947e300bbe62a101a18295c553058b0ff9912a9c414cb539a19f512d509/analysis/1400677067/
  • https://www.virustotal.com/de/ip-address/68.66.63.47/information/
SNOWSHOE SPAM BLACKLISTED AT:
  • http://www.spamhaus.org/query/bl?ip=68.66.63.47
  • http://www.spamhaus.org/sbl/query/SBL218662
  • http://www.spamhaus.org/sbl/listings/networxhosting.com
  • http://networxhosting.com/
  • https://www.virustotal.com/de/url/7d49824dde2a6c1f3bf7794240fb4638a87c1c1e420a2a65720a791662f96543/analysis/1400677424/
  • http://www.senderbase.org/lookup/?search_string=68.66.63.47
  • http://zulu.zscaler.com/submission/show/ec6dd530622db7ec31301159b81b7e9c-1400676906
MAIL ORIGINATING IP(s):
http://14.4.22.14/ (SOUTH KOREA)
  • https://www.virustotal.com/de/url/b4587224cb226aefacab1ed4e70d2e0695db607469fdb4c0f5c2084182957e5b/analysis/1400677788/
LISTED AT SPAMHAUS (SBL & DROP)
  • http://www.spamhaus.org/query/ip/14.4.22.14
  • http://www.spamhaus.org/sbl/query/SBL187947
  • http://www.senderbase.org/lookup/?search_string=14.4.22.14
http://68.66.63.122/
  • https://www.virustotal.com/de/url/379fe4b9d56b57279031e9cf4f00f5452269914c30abdc837c567845c0dd49cb/analysis/1400678183/
LISTED AT SPAMHAUS (SBL):
  • http://www.spamhaus.org/query/bl?ip=68.66.63.122
  • http://www.spamhaus.org/sbl/query/SBL218662
  • http://www.senderbase.org/lookup/?search_string=68.66.63.122

THE IP RANGE 68.66.63.2-126 HOSTS THE FOLLOWING BLACKLISTED DOMAINS (one per IP; the same 25 domains repeat in the same order every 25 addresses, so each domain resolves from five addresses in the block, the classic snowshoe layout of spreading sending across many IPs and many names):
68.66.63.2    sightsetup.com    listed
68.66.63.3    setuplevel.com    listed
68.66.63.4    setupidea.com    listed
68.66.63.5    setupgrade.com    listed
68.66.63.6    directsetup.com    listed
68.66.63.7    setuphint.com    listed
68.66.63.8    ranklevel.com    listed
68.66.63.9    hintrank.com    listed
68.66.63.10    sightbusiness.com listed
68.66.63.11    officelevel.com    listed
68.66.63.12    sortideas.com    listed
68.66.63.13    steadysort.com    listed
68.66.63.14    guidehint.com    listed
68.66.63.15    sightlead.com    listed
68.66.63.16    steadylead.com    listed
68.66.63.17    leadsetup.com    listed
68.66.63.18    setuplead.com    listed
68.66.63.19    managesight.com    listed
68.66.63.20    managestatus.com listed
68.66.63.21    managesetup.com    listed
68.66.63.22    hintcontrol.com    listed
68.66.63.23    controlimage.com listed
68.66.63.24    pointsteady.com    listed
68.66.63.25    setupoint.com    listed
68.66.63.26    channelidea.com    listed
68.66.63.27    sightsetup.com    listed
68.66.63.28    setuplevel.com    listed
68.66.63.29    setupidea.com    listed
68.66.63.30    setupgrade.com    listed
68.66.63.31    directsetup.com    listed
68.66.63.32    setuphint.com    listed
68.66.63.33    ranklevel.com    listed
68.66.63.34    hintrank.com    listed
68.66.63.35    sightbusiness.com listed
68.66.63.36    officelevel.com    listed
68.66.63.37    sortideas.com    listed
68.66.63.38    steadysort.com    listed
68.66.63.39    guidehint.com    listed
68.66.63.40    sightlead.com    listed
68.66.63.41    steadylead.com    listed
68.66.63.42    leadsetup.com    listed
68.66.63.43    setuplead.com    listed
68.66.63.44    managesight.com    listed
68.66.63.45    managestatus.com listed
68.66.63.46    managesetup.com    listed
68.66.63.47    hintcontrol.com    listed
68.66.63.48    controlimage.com listed
68.66.63.49    pointsteady.com    listed
68.66.63.50    setupoint.com    listed
68.66.63.51    channelidea.com    listed
68.66.63.52    sightsetup.com    listed
68.66.63.53    setuplevel.com    listed
68.66.63.54    setupidea.com    listed
68.66.63.55    setupgrade.com    listed
68.66.63.56    directsetup.com    listed
68.66.63.57    setuphint.com    listed
68.66.63.58    ranklevel.com    listed
68.66.63.59    hintrank.com    listed
68.66.63.60    sightbusiness.com listed
68.66.63.61    officelevel.com    listed
68.66.63.62    sortideas.com    listed
68.66.63.63    steadysort.com    listed
68.66.63.64    guidehint.com    listed
68.66.63.65    sightlead.com    listed
68.66.63.66    steadylead.com    listed
68.66.63.67    leadsetup.com    listed
68.66.63.68    setuplead.com    listed
68.66.63.69    managesight.com    listed
68.66.63.70    managestatus.com listed
68.66.63.71    managesetup.com    listed
68.66.63.72    hintcontrol.com    listed
68.66.63.73    controlimage.com listed
68.66.63.74    pointsteady.com    listed
68.66.63.75    setupoint.com    listed
68.66.63.76    channelidea.com    listed
68.66.63.77    sightsetup.com    listed
68.66.63.78    setuplevel.com    listed
68.66.63.79    setupidea.com    listed
68.66.63.80    setupgrade.com    listed
68.66.63.81    directsetup.com    listed
68.66.63.82    setuphint.com    listed
68.66.63.83    ranklevel.com    listed
68.66.63.84    hintrank.com    listed
68.66.63.85    sightbusiness.com listed
68.66.63.86    officelevel.com    listed
68.66.63.87    sortideas.com    listed
68.66.63.88    steadysort.com    listed
68.66.63.89    guidehint.com    listed
68.66.63.90    sightlead.com    listed
68.66.63.91    steadylead.com    listed
68.66.63.92    leadsetup.com    listed
68.66.63.93    setuplead.com    listed
68.66.63.94    managesight.com    listed
68.66.63.95    managestatus.com listed
68.66.63.96    managesetup.com    listed
68.66.63.97    hintcontrol.com    listed
68.66.63.98    controlimage.com listed
68.66.63.99    pointsteady.com    listed
68.66.63.100    setupoint.com    listed
68.66.63.101    channelidea.com    listed
68.66.63.102    sightsetup.com    listed
68.66.63.103    setuplevel.com    listed
68.66.63.104    setupidea.com    listed
68.66.63.105    setupgrade.com    listed
68.66.63.106    directsetup.com    listed
68.66.63.107    setuphint.com    listed
68.66.63.108    ranklevel.com    listed
68.66.63.109    hintrank.com    listed
68.66.63.110    sightbusiness.com listed
68.66.63.111    officelevel.com    listed
68.66.63.112    sortideas.com    listed
68.66.63.113    steadysort.com    listed
68.66.63.114    guidehint.com    listed
68.66.63.115    sightlead.com    listed
68.66.63.116    steadylead.com    listed
68.66.63.117    leadsetup.com    listed
68.66.63.118    setuplead.com    listed
68.66.63.119    managesight.com    listed
68.66.63.120    managestatus.com listed
68.66.63.121    managesetup.com    listed
68.66.63.122    hintcontrol.com    listed
68.66.63.123    controlimage.com listed
68.66.63.124    pointsteady.com    listed
68.66.63.125    setupoint.com    listed
68.66.63.126    channelidea.com    listed
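The listing above is easier to reason about once it is parsed: group by domain, look at how the addresses of each domain are spaced, and find the smallest block that holds all of them. The Python below is an added example for this page (not the blog's code or Spamhaus data); SAMPLE is a constructed excerpt of the table with five of the 25 domains, and the functions work on the full table as well.

```python
import ipaddress
from collections import defaultdict

# Constructed excerpt of the listing above: five of the 25 domains, at the
# three places each of them appears in 68.66.63.2-126.
SAMPLE = """
68.66.63.2    sightsetup.com    listed
68.66.63.3    setuplevel.com    listed
68.66.63.4    setupidea.com    listed
68.66.63.5    setupgrade.com    listed
68.66.63.6    directsetup.com    listed
68.66.63.27    sightsetup.com    listed
68.66.63.28    setuplevel.com    listed
68.66.63.29    setupidea.com    listed
68.66.63.30    setupgrade.com    listed
68.66.63.31    directsetup.com    listed
68.66.63.52    sightsetup.com    listed
68.66.63.53    setuplevel.com    listed
68.66.63.54    setupidea.com    listed
68.66.63.55    setupgrade.com    listed
68.66.63.56    directsetup.com    listed
"""


def parse_listing(text):
    """Return [(ip, domain)] from 'ip  domain  status' lines; skip junk lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.IPv4Address(parts[0])
        except ValueError:
            continue                      # header, separator, garbage
        rows.append((ip, parts[1].lower()))
    return rows


def ips_by_domain(rows):
    groups = defaultdict(list)
    for ip, dom in rows:
        groups[dom].append(ip)
    return {d: sorted(v) for d, v in groups.items()}


def strides(ips):
    """Gaps between consecutive addresses of one domain; a single value
    means the domain is laid out at a fixed interval across the block."""
    return {int(b) - int(a) for a, b in zip(ips, ips[1:])}


def enclosing_network(ips):
    """Smallest CIDR block containing every address."""
    lo, hi = min(ips), max(ips)
    for prefix in range(32, -1, -1):
        net = ipaddress.ip_network(f"{lo}/{prefix}", strict=False)
        if hi in net:
            return net


def snowshoe_report(text, min_ips=2):
    """Domains spread over >= min_ips addresses, with their spacing,
    plus the block that the whole listing lives in."""
    rows = parse_listing(text)
    report = {}
    for dom, ips in ips_by_domain(rows).items():
        if len(ips) >= min_ips:
            report[dom] = {"ips": [str(i) for i in ips], "strides": strides(ips)}
    return {"block": str(enclosing_network([ip for ip, _ in rows])),
            "domains": report}


if __name__ == "__main__":
    r = snowshoe_report(SAMPLE)
    print("block:", r["block"])
    for dom, info in r["domains"].items():
        print(f"{dom:20} {len(info['ips'])} IPs, stride {sorted(info['strides'])}")
```

A fixed stride across one contiguous block is the signal to act on: block the enclosing network (here the /26 of the sample, the /25 for the full table) rather than chasing the domains one at a time, since the sender can register new names far faster than it can obtain new address space.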

5/08/2014

ANGLER EXPLOIT KIT (& HEUR:Trojan.Script.Generic)
Newly Detected Malicious DOMAINS from FRANCE:
black-salope.photos-films-x.com
www.photosx-videosx.com
belles-noires.photosx-videosx.com

IPs: 23.239.17.30 & 194.150.236.81



FRENCH MALWARE DOMAIN(s): 
LINKS TO INFECTED DOMAINS (HEUR:Trojan.Script.Generic / ANGLER EXPLOIT KIT)

SITE:
http://black-salope.photos-films-x.com/
  • https://www.virustotal.com/de/url/afd7b2909fd81c0403dcd2d7751966ce255d6011b4217b857f102f0bd02b1d7d/analysis/1399550506/
SPECIFIC MALICIOUS URL:
http://black-salope.photos-films-x.com/black-salopes.html
  • https://www.virustotal.com/de/url/dd6f70d37f067050a8e9e7c9a902ed98e18697b125206252d2f9ab8ee4e44e80/analysis/1399550918/
  • http://quttera.com/detailed_report/www.photosx-videosx.com
INFECTED LINKS FOUND HERE:

1)
http://www.photosx-videosx.com/
  • https://www.virustotal.com/de/url/304eacef10ded96e02de6a8c7377facaf6fe00fa0f7abfb4916e509406caa0b0/analysis/1399551145/
HEUR:Trojan.Script.Generic
  • https://www.virustotal.com/de/file/8eb3907b32e45e38453b56a05aed6b0132f31e7db511e14da383c2e0821b55ea/analysis/1399551334/
  • Malicious iframe injection
  • Angler exploit kit URL pattern
  • https://urlquery.net/report.php?id=1399551228285
--->
http://promo.vador.com/js/tc_loader.js
  • https://www.virustotal.com/de/url/8cc9be1632fafa63070ba909501c2c1253363913f508c68ca851e53d3e997082/analysis/1399553305/
  • https://www.virustotal.com/de/file/017051c711d3cd4e1dfdfba7976237e86bcbf1841b8c4e96627c929403ea9a20/analysis/1397006857/
---->

DOMAIN:
http://consciousnesszone.com/
  • https://www.virustotal.com/de/url/ac7d259785dcda43ec1ec46b60d5be4f6850e7f516a35007fff1a3c34df8daee/analysis/1399553019/
  • http://sitecheck.sucuri.net/results/consciousnesszone.com
MALICIOUS URL (injected via document.write)
http://consciousnesszone.com/wp-content/plugins/InstaBuilder/zE1ZWXxV.php?id=1707269
  • https://www.virustotal.com/de/url/e389ae2a547adde57bd8665fd45aa84307e994f550e08c11e2b3b125cdef3ee4/analysis/1399552408/
DOMAIN:
http://socialmediahelpforbusinesses.com/

  • https://www.virustotal.com/de/url/bb5f27c3c682dcde39769b673429d69f6ba7bb293824ffa555807aaafa16ee25/analysis/1399552046/
EXPLOIT URL (randomised path; this instance):
http://socialmediahelpforbusinesses.com/o5a8oheam8
  • https://www.virustotal.com/de/url/98ba770ce401bfc84286efaed8dd08e614c1c8f74198fb2f429bb91ebf6fed55/analysis/1399552020/
EXPLOIT ANGLER
  • https://www.virustotal.com/de/file/59831c7074ce6fb3cad1c442da9d8f943340909375e156ce988d3b6a5cbf86ee/analysis/1399551862/
---------------------------------------------------

2) SAME FOR
http://belles-noires.photosx-videosx.com/
  • https://www.virustotal.com/de/url/356c31acbf7f736f50a26783583632d2754b8a0094339ed70d4c1703d941f164/analysis/1399553987/
HEUR:Trojan.Script.Generic
  • https://www.virustotal.com/de/file/37ccdabc9e5d4dc17f00af44f311417577ab1dfe884634e663ae15184e37de0e/analysis/1399554228/
  • http://urlquery.net/report.php?id=1399554055463
---------------------------------------------------
IPs:

1)
http://194.150.236.81/
  • https://www.virustotal.com/de/url/090783f03563157938a2c276a895517863727923085fe8723335e188fbe0efd3/analysis/1399554601/
  • https://www.virustotal.com/de/ip-address/194.150.236.81/information/
2)
http://23.239.17.30/
  • https://www.virustotal.com/de/url/698f78c8e171958c4fe2e9090202804a5ec63d5b1a03bb31abae5094a7bef84c/analysis/1399554712/

4/30/2014

down.360safe.com with Win32/Trojan.Genome:
MALICIOUS DOMAIN FROM CHINA
IP: 180.153.229.17 Shanghai & IP: 220.181.150.209 Beijing




CHINESE (Shanghai & Beijing)
MALWARE DOMAIN & SUSPICIOUS FILE
DOMAIN + SUBDOMAIN: BLACKLISTED @ MalwareDomainList

http://360safe.com/
  • https://www.virustotal.com/de/url/b3e16d689af0dd0c1c7f91b3bb7d3b1945f8a38b0f944713c0f87244ee2baee0/analysis/
SUBDOMAIN:
http://down.360safe.com/
  • https://www.virustotal.com/de/url/a0ded28ef8f22d505636819bb2b8bba88412c8157ca3ac4723a5a34fe994cb73/analysis/1398878350/
SUSPICIOUS FILE LINK:
http://down.360safe.com/setup.exe
  • https://www.virustotal.com/de/url/659adefa8017920149ed69bc009b0bc8be1ba53a02a589346392cec09cf144f6/analysis/1398878498/
SUSPICIOUS FILE:
  • https://www.virustotal.com/de/file/1f99e9e6e5bb5444a6010219b44837c89aab951c177da702d771e91dcbfc97d2/analysis/
IP(s):
http://180.153.229.17/
  • https://www.virustotal.com/de/url/67118050119382d41608cd53e67db70664b09dcd75fe9ad47994be1228b77e9b/analysis/1398878751/
  • https://www.virustotal.com/de/ip-address/180.153.229.17/information/
http://220.181.150.209/
  • https://www.virustotal.com/de/url/d4968e75e9802ef631320da4bb1c4c5c5766b28fedb5a90160a18ca79f70b2cf/analysis/1398878962/
  • https://www.virustotal.com/de/ip-address/220.181.150.209/information/
SEE ALSO:
  • http://urlquery.net/report.php?id=1398876496772
  • http://quttera.com/detailed_report/down.360safe.com

4/12/2014

Let us welcome
lunpandubishengfa.zhuolingxiu.com as a MALICIOUS VISITOR
(to this Blogspot)
FROM Beijing, CHINA & Walnut, UNITED STATES
IP: 110.173.196.1



MALICIOUS BLOGVISITOR FROM Beijing, CHINA
& Walnut, UNITED STATES

DOMAIN:
http://zhuolingxiu.com/
  • https://www.virustotal.com/de/url/b7d7f19c52b69e6721a7b9073741e7c6dc01f7bd4f3e04d9a95e150abb4ecb29/analysis/1397322523/
HTML:
  • https://www.virustotal.com/de/file/70624e295994c8b58995ea206a9d203bb56fad709b05ac972f053307a3399911/analysis/1397322837/
  • http://sitecheck2.sucuri.net/results/zhuolingxiu.com
IP:
http://110.173.196.1/
  • https://www.virustotal.com/de/url/ab6314d04650288df2d4054571208375f4606cdf8b09266e3427a91d2a6f8e62/analysis/1397323537/
  • https://www.virustotal.com/de/ip-address/110.173.196.1/information/
BHA: 3
  • https://www.projecthoneypot.org/ip_110.173.196.1
Fwd/Rev DNS Match: NO
  • http://www.senderbase.org/lookup/?search_string=110.173.196.1
MALICIOUS SUBDOMAIN:
http://lunpandubishengfa.zhuolingxiu.com/
  • https://www.virustotal.com/de/url/7481662efef095e53073ccc590585966f6b5c3f3c21d2364dc550ee577836b1f/analysis/
  • http://sitecheck2.sucuri.net/results/lunpandubishengfa.zhuolingxiu.com
  • http://www.urlvoid.com/scan/lunpandubishengfa.zhuolingxiu.com/
VISITING LINK:
http://lunpandubishengfa.zhuolingxiu.com/16024/
  • https://www.virustotal.com/de/url/df9f8d71cd3e8c7a80affdc3a9addb0964b0cae6355eddfabc316dbb74ef5e85/analysis/1397321793/
IP:
http://107.160.11.209/
  • https://www.virustotal.com/de/url/ab6314d04650288df2d4054571208375f4606cdf8b09266e3427a91d2a6f8e62/analysis/1397323537/
Network Owner: Psychz Networks
http://www.psychz.net/
  • https://www.virustotal.com/de/url/d1aaf5879110e18c64671ba2386ec1e8cb1e8c9144adb6dc9e1003003f67e814/analysis/1397325169/

4/09/2014

apps.michaelpriest.com.au
Potentially suspicious/malicious blog visitor serving a
manipulated executable (a certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider)



DOMAIN:

http://apps.michaelpriest.com.au/
  • https://www.virustotal.com/de/url/6ed7612be01bb6857f4c58180d754ce179543c18ee158c5da13721da9fc41993/analysis/1397077102/

VISITING URL:

http://apps.michaelpriest.com.au/MPPluginInstaller/setup.exe

  • https://www.virustotal.com/de/url/7383065de37bccf2367981da8b9925d60ca5e64872483b152392890e32dd2816/analysis/1397074594/
Executable with an untrusted signing chain (POSSIBLY a manipulated Microsoft binary):
A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
(This is the Windows Authenticode result CERT_E_UNTRUSTEDROOT: the signature itself verified, but the chain ends in a root that is not in the trust store. A self-signed or test-signing certificate gives the same message, so on its own it shows an unverifiable publisher rather than a file modified after signing; the latter fails with a digest mismatch instead.)
  • https://www.virustotal.com/de/file/200dc3ffc7fed9f5151a4195f4bf2cbda14414b4afacea90f0d3098d80bb5547/analysis/
SEE ALSO:
  • https://urlquery.net/report.php?id=1397074602869
  • http://www.urlvoid.com/ip/103.247.224.141/
  • http://sitecheck2.sucuri.net/results/www.ashburtonfamilydental.com.au
  • https://www.virustotal.com/de/url/3a502336930e5ec0f405d5fbc929d68a8ea74cb979591113885cbdf881e7083e/analysis/1397077282/
  • http://www.senderbase.org/lookup/?search_string=103.247.224.141

4/03/2014

MALICIOUS GOOGLE ADs:
lp.usafis.org
IP: 199.83.133.103 Dover, DELAWARE (UNITED STATES)



FOR WEBMASTERS
If you own a website or blog and are an AdSense publisher, block the domain lp.usafis.org in your AdSense dashboard to protect your own reputation. The site is blacklisted; see the following report:

SCREENSHOT

CATEGORY MALICIOUS ADs:

URL ADDRESS:
http://www.googleadservices.com/pagead/aclk?sa=L&ai=CQWYQ6Fg8U-mVAqbh7gbvwYG4BuG8-sQEiYLSz6kBkMXezTQQASCOwJQjUPaHqvwBYLsDoAHIvKPRA8gBAagDAcgDwwSqBJMBT9DSNrdKaf3tgZ3HfWKVLH0Z46SKm9m2r8uHx3Ft-dltZpHnSTihb5h2ESNihNSi7PSdBLo5afvwg71-spzF0iaj_Aw6jWpUqxO_0Lr5Y7mObN50oN3QUHfVD4qPMo7nwFONtdoIGBHQp5Aaw-0GGiCq1lGeGPk6HWaJlslc6gVPhANw-yEp43j6sHJ37kXsPS_DiAYBgAehhcgg&num=1&cid=5GgDBitt7wd5qFH1jxkIzw7b&sig=AOD64_0UD0Zu2wYnP7KOChIno2RcihNCaw&client=ca-pub-5585202032329389&adurl=http://lp.usafis.org/newG_lp/usafis/usafisGLP%3Faf%3Dwiz_1959_&nm=17&mb=2&bg=!A0TCTVHOo1F4igIAAAAwUgAAACMqAOGa7fUKZLHPJScEM3xhxwSxbxPrjVHd-sw6Hg35xKGt3qwcRr-Ua8bVIgF-HTZ6EuyIcZyEn2OsnrTDBymDzR64g51dDmIK_dNVn4HnJaCqoWc34ChDOhdfiRLX8cyJIqWOw61MGek5TrJgT8jp0ZPjFcAMOqPrMKM-LQdgzlbuevIcZcWmSxXtO2P4oU7stltNGw9k8bDDnhJrkSJ5p3bcUYZxK4bnjKWTwc4JtrULyq1QFEbp0tOtnVHHVt9Y2-Dw42fvk6ZxyesqRuMnxCmV2gXQn81ajrTWBM7QxMKAUbA
VT-Analysis:
  • https://www.virustotal.com/de/url/57c334c691162cf05c07d1cd880313c4e51ac68b92315a65494a3df0d7314a61/analysis/1396464870/
URL AFTER REDIRECT: MALICIOUS DOMAIN
http://lp.usafis.org/newG_lp/usafis/usafisGLP?af=wiz_1959_&gclid=CJ6ov4S9wr0CFYY7MgodglgASQ
  • https://www.virustotal.com/de/url/0807f2619bc2c0e997f58d21acabc4ee3ac0900f1b7142d02eda01dd9cfac7a3/analysis/
DOMAIN ITSELF: (BR = BAD REPUTATION)
http://lp.usafis.org/
  • https://www.virustotal.com/de/url/d0c317fdd6d7274f310d98d4cb3efffbc2da92f503f4e7aed663d6615dba3871/analysis/
IP:
http://199.83.133.103/
  • https://www.virustotal.com/de/url/02b83c37d237956138a7fa8102e34ccdcb9e27b05422089a0f107734c5b5869c/analysis/1396465973/
  • https://www.virustotal.com/de/ip-address/199.83.133.103/information
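The click URL above is a redirector: the real landing page sits URL-encoded in the adurl parameter, so you can learn where an ad sends visitors, and compare that host with a blocklist, without following the redirect. The Python below is an added example for this page (not the blog's or Google's code); SAMPLE_CLICK is a constructed, shortened copy of the click URL above with the opaque ai/sig tokens replaced by placeholders, and the blocklist is a made-up set.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed, shortened copy of the googleadservices.com click URL above.
# Only the adurl parameter (and the nm=17&mb=2 that follow it) is kept as-is.
SAMPLE_CLICK = (
    "http://www.googleadservices.com/pagead/aclk?sa=L&ai=PLACEHOLDER"
    "&num=1&client=ca-pub-0000000000000000"
    "&adurl=http://lp.usafis.org/newG_lp/usafis/usafisGLP%3Faf%3Dwiz_1959_"
    "&nm=17&mb=2"
)


def ad_destination(click_url, param="adurl"):
    """Return the decoded landing URL carried in the ad-click redirector,
    or None if the parameter is absent or empty."""
    qs = parse_qs(urlsplit(click_url).query, keep_blank_values=True)
    values = qs.get(param)
    if not values or not values[0]:
        return None
    dest = values[0]                      # parse_qs already percent-decodes
    # Some networks nest one redirector inside another; unwrap a bounded
    # number of levels so a crafted URL cannot keep us looping.
    for _ in range(5):
        inner = parse_qs(urlsplit(dest).query).get(param)
        if not inner:
            break
        dest = inner[0]
    return dest


def landing_host(click_url):
    dest = ad_destination(click_url)
    return urlsplit(dest).hostname if dest else None


def is_blocked(host, blocklist):
    """True if host or any parent domain (but never a bare TLD) is listed,
    so a 'usafis.org' entry also catches 'lp.usafis.org'."""
    if not host:
        return False
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels) - 1))


if __name__ == "__main__":
    blocked = {"lp.usafis.org"}           # constructed blocklist
    host = landing_host(SAMPLE_CLICK)
    print(ad_destination(SAMPLE_CLICK))
    print(host, "BLOCKED" if is_blocked(host, blocked) else "ok")
```

The same extraction is what to run on the ad clicks in your own proxy logs: the googleadservices.com hostname tells you nothing, the adurl value does. The suffix walk in is_blocked is deliberately naive (no public-suffix list), which is fine for a hand-kept list of known-bad hosts.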

4/01/2014

Trojan BLOGVISITOR from CHINA:
DOMAIN zychina.mobi infected with Trojan.JS.Iframe.fz
IP: 218.104.136.146 from Xiamen, CHINA




CHINESE MALWARE:

DOMAIN:
http://zychina.mobi/
  • https://www.virustotal.com/de/url/b212fd8098e178418e113cb823368b43f133aaac51838ae708dba4a923c41a7b/analysis/1396354754/
Trojan.JS.Iframe.fz
  • https://www.virustotal.com/de/file/49f2b6bf7563ea06b69ee3684c93570a430d18c97faaae60254a60459b798e1d/analysis/1396354981/
VISITING LINK:
http://zychina.mobi/seller/offerdetail/12-97-0-176.html
  • https://www.virustotal.com/de/url/7ebc5b4cbf1444fad375a685d687bdf33da5f77b4822b647f335faccd98770e4/analysis/
Trojan.JS.Iframe.fz
  • https://www.virustotal.com/de/file/3a0a92fc03235935b8403f6ebec3aeb1bc8dedce42b4531f6837856c276f8ab4/analysis/1396355327/


mm.aa88567.cn (Parked Domain)

DOMAIN:
http://mm.aa88567.cn/
  • https://www.virustotal.com/de/url/1e45da7aac14b36d7d105ce784a495150344dfd34da1978ac05606a30ddbc3ae/analysis/1396355633/

REMOTE URL:
http://mm.aa88567.cn/index/mm.js
  • https://www.virustotal.com/de/url/9301134079c20e75b649ea30d29daa465a2e81ead033a5312b394585b7cfd9ef/analysis/1396355646/

IP(s):
1) http://218.104.136.146/
  • https://www.virustotal.com/de/url/b33d2e7b96317081cb01eb03e844dbbc41485ba9eb8a40209d23e36cd060c789/analysis/1396356099/
  • https://www.virustotal.com/de/ip-address/218.104.136.146/information/
81 SPAM Mails sent from this IP:
  • https://www.projecthoneypot.org/ip_218.104.136.146
2) http://50.117.120.253/    (second appearance on this blog)
  • https://www.virustotal.com/de/url/e619b1d78286c0b9cadfbb81b7ad400b5c94c97ada584689925d2ba3805ec165/analysis/1396356347/
  • https://www.virustotal.com/de/ip-address/50.117.120.253/information/

PHISHING from www.heavenjav.com (IP: 89.248.168.164)
Netherlands
PUA.Phishing.Bank


HeavenJAV Screenshot

Phishing SITE:
DOMAIN:
http://www.heavenjav.com/
  • https://www.virustotal.com/de/url/7ba4abf24940faa50c30bdea1e3788d98f79c5d38bbaf6a60934ec10951f8c02/analysis/1396342103/
PUA.Phishing.Bank
  • https://www.virustotal.com/de/file/e0862f4de5204feea0c3d8e365db0082d9b66743873bd1622248b392dfdc63ef/analysis/1396342533/
  • http://virusscan.jotti.org/de/scanresult/0882e3fab80e1c4561884fb123e103298c89153a
http://www.heavenjav.com/2013/02/24/front-magazine-uk-no-178-2013/
  • https://www.virustotal.com/de/url/07f6c70e33553e5b4da02f94af3c4b3ecca2003cf1610505e437a106ae85cbf9/analysis/1396342096/
PUA.Phishing.Bank
  • https://www.virustotal.com/de/file/90d8f789b5499a6d10b89b31cb75ed7474481e20996e125c676da78b8d599c9c/analysis/1396342153/
  • http://virusscan.jotti.org/de/scanresult/d8067f7e7a665777aeaeb064eb3fb32664db9e1a
http://89.248.168.164/
  • https://www.virustotal.com/de/url/3b8ce797c88762fece7858c4024261fb686117e4c6d68a9f0ef3d0f154a9ac71/analysis/1396350748/

Real Comment Number 3 on COMMENT SPAM (with Malicious Link) !

ANONYMOUS WROTE:
"Whɑt's up, after reading this awesome paragraph..."
KEY COMMENT: "Stop by my website..."

scp.uma.pt/images/....... Portugal, Poland, Germany

This post exists (and will remain) to demonstrate what comment spam in blogs is and how to tell it apart. From here on it is monitored and followed up: the IP data and domains involved are recorded to track the frequency and analyse the connections between them. Suspicious connections (related to phishing, spambots, which these already are, and other fraudulent activity or behaviour) are recorded and forwarded to the appropriate agencies (e.g. IC3), which is done in any case. Outside observers can reach me through IC3.

Reminder: every spam post is forwarded to the appropriate address. Keep following.
-------------------------------------------------------------------------------------------------------------------------------------------

NUMBER 3:

Whɑt's up, after reading this awesome paragraph i am as well happy to share my experience here with mates. Stop by my website http://scp.uma.pt/images/1.php/what-is-biaxin-used-to-treat-ogqd.php
SPAM COMMENT MADE ON FOLLOWING POST:

http://stayaway2.blogspot.com/2014/01/category-malicious-domain_13.html
 
SCREENSHOT OF ANONYMOUS COMMENT SPAMMER
 
 
MALWARE URL: PHISHING - ROGUE MEDS - TDS SUTRA
http://scp.uma.pt/images/1.php/what-is-biaxin-used-to-treat-ogqd.php
  • https://www.virustotal.com/de/url/b4ddfb4f5d1d6de3d7ac09bc3f9b86cf1e1152c431989be9ba128ebadcc902ed/analysis/1396334546/
TDS Sutra - redirect received
TDS Sutra - request in.cgi
  • https://urlquery.net/report.php?id=1396334666046
--->
http://getmarketschoice.com/in.cgi?12&parameter=what+is+biaxin+used+to+treat
  • https://www.virustotal.com/de/url/15b9552bdaaef5306203130d8ec521adc2ec02836e244a6c288660a77af1de9f/analysis/1396334968/
TDS Sutra - redirect received
  • https://urlquery.net/report.php?id=1396335061174
---->
http://okpillsbest.com/catalog/Antibiotics/Biaxin.htm
  • https://www.virustotal.com/de/url/817a3dad94af46f7e84cf077bf34f54888b21bf8df5e2b7aa8c58a00dc3437e4/analysis/
  • https://urlquery.net/report.php?id=1396335569086
IPs:
http://193.136.232.84/
  • https://www.virustotal.com/de/url/6e4f5bd49883788be5d2d08199a76341d1b5a44a5e1054a20bbb2999170950aa/analysis/1396335823/
http://91.230.205.65/
  • https://www.virustotal.com/de/url/cd4912b45256be4f214fd289ed20c225c7d68e236e44c78895ffe3fb862f847d/analysis/1396335909/
  • https://www.virustotal.com/de/ip-address/91.230.205.65/information/
http://176.9.192.16/
  • https://www.virustotal.com/de/url/4c8e99a657d39784c9bd79d726db6b96677fbb9e575d28bc2eb704caa08c7257/analysis/1396336061/
  • https://www.virustotal.com/de/ip-address/176.9.192.16/information/
http://95.169.190.160/
  • https://www.virustotal.com/de/url/00dfaf1d27128c8f8f00b91a82a1f3a259e51042b504b784c7fa970efaaa2424/analysis/1396336268/
  • https://www.virustotal.com/de/ip-address/95.169.190.160/information/
Spider Sightings: 14
  • https://www.projecthoneypot.org/ip_95.169.190.160

3/30/2014

FACEBOOK PHISHING & HACKING:
pirateruncomptefacebookfrance.blogspot.com

which translates roughly to "hack a Facebook account France".blogspot.com


MALICIOUS BLOGSPOT:
PHISHING FOR FB DATA (HOW TO HIJACK (HACK) A FB ACCOUNT, ETC.)
http://pirateruncomptefacebookfrance.blogspot.com/
  • https://www.virustotal.com/de/url/586b5098f327ff98a61c8a2a6a0aab975a50d1df315230588de967d26d30a3ad/analysis/
THIS (FOLLOWING) LINK IS PROVIDED ON THE PAGE (TRY FOR FREE)
http://goo.gl/dKwO8n
  • https://www.virustotal.com/de/url/299ad80bc881f312479170902dadea87917189d04df4e4fb91c8cce28767fa6d/analysis/1396211990/
  • http://sitecheck3.sucuri.net/results/goo.gl/dkwo8n
  • http://www.phishtank.com/phish_detail.php?phish_id=2332672
---> REDIRECTS TO:
http://cheatlord.net/facebookcheat/
  • https://www.virustotal.com/de/url/2874549c53c37bb47427b4888d4003ef56a9eb9769d551381638e37a6dd799ff/analysis/
  • http://wepawet.iseclab.org/view.php?hash=31faf50ec251a7f34f1a65abfeff7658&t=1396211280&type=js

FACEBOOK PHISHING & HACKING:

hackeruncomptefacebook.com
piraterfacebookcompte.com
advertising-pl.com


WITH Greetings from Tulsa, Oklahoma



MALICIOUS DOMAIN(s): FACEBOOK CREDENTIALS PHISHING & HACKING
http://hackeruncomptefacebook.com/
  • https://www.virustotal.com/de/url/cfac8fa2254451995f4d2a6f8de40c8f02436f81228d9b4b8b31ea88ae073e2e/analysis/1396201707/
SEE RESULTS FROM LAST YEAR:
  • http://wepawet.iseclab.org/view.php?hash=68dc48fe9f199d1c877a5445079dd407&t=1382978731&type=js
  • http://wepawet.iseclab.org/view.php?type=js&hash=12d7e2d3b011064d4fd4c5bb016e131c&t=1380889976
IP(s):
http://108.174.194.226/    (TULSA, OKLAHOMA)
  • https://www.virustotal.com/de/url/ca9613975145454f057431a2b9c3116aedfc9a4a97e013b6f95804db13897c02/analysis/1396204128/
  • https://www.virustotal.com/de/ip-address/108.174.194.226/information/
MailRep: POOR
  • http://www.senderbase.org/lookup/?search_string=108.174.194.226
FOR THE FULL REPORT SEE THE .txt ATTACHMENT (document hosting: UploadEdit.com)

Real Comment Number 2 on COMMENT SPAM !

ANONYMOUS WROTE:
"It's really a great and useful piece of information."
KEY COMMENT: "Here is my blog post: pirater un compte Facebook"


My Site: www.facebook-recherche.com

-------------------------------------------------------------------------------------------------------------------------------------------

NUMBER 2:
It's really a great and useful piece of information. I'm glad that you simply shared this helpful information with us. Please keep us up to date like this. Thank you for sharing. Here is my blog post pirater un compte Facebook www.facebook-recherche.com
SPAM COMMENT MADE ON FOLLOWING POST:

http://stayaway2.blogspot.com/2014/01/international-online-child-predators.html

SCREENSHOT OF ANONYMOUS COMMENT SPAMMER




PHISHING & MALICIOUS DOMAIN: FACEBOOK ACCOUNT HIJACK (HACK) & PHISHING FOR FB CREDENTIALS, AS WELL AS A BLOG COMMENT SPAMMER (LISTED AT SPAMHAUS)
http://www.facebook-recherche.com/
  • https://www.virustotal.com/de/url/86eba7512f57e84d6864a943230e74e9767a568755dd2240690ddba9572a1910/analysis/1396193684/
HTML
  • https://www.virustotal.com/de/file/4d92a05b9a4c097d28c09784947fd4af204e1238b13df695bc477f5f74666e67/analysis/
LISTED AT SPAMHAUS (DBL):
  • http://www.spamhaus.org/query/domain/facebook-recherche.com
-------------------------
IP: NETHERLANDS
http://37.46.125.166/
  • https://www.virustotal.com/de/url/a9a0fd6a7a201e4675d3179bd408efbf0f602f492c649f450d92fb56c1d140cf/analysis/1396195483/
  • https://www.virustotal.com/de/ip-address/37.46.125.166/information/

3/29/2014

Just another spam, from...
www.ratgeberplatz.com:
"Your application. Your salary: up to 300 euros per day!
(With all these applications I should have been a millionaire long ago...)"
("Your application for employment")

from Australia & Germany (IP: 14.2.24.1)

English:


www.ratgeberplatz.com is a Spamdomain. Just delete those mails. Do not click "unsuscribe Newsletter". If you do so, they only will register that you have read the Mail, and Spamming will become worse ! See Screenshot.

Related Posts:

Just another SPAM-Screenshot from....ratgeberplatz.com

Hello,
You have been selected! We are now providing you exclusively with knowledge for your new side job. Your salary: up to 300 euros daily!

After your free registration you will immediately receive free knowledge and can get started.

Click here:
http://mailings.ratgeberplatz.com/tracker.php

For German-speaking readers:


www.ratgeberplatz.com is clearly a spam domain. These mails can safely be deleted. Just don't click "unsubscribe newsletter". The only thing that happens afterwards is that you get even more spam from this domain, because by clicking you have given yourself away, and the domain ratgeberplatz.com now knows that you have read the e-mail! See screenshot.


IN THIS CASE THE ORIGINATING IP ADDRESS IS:
14.2.24.1   (Australia)
  • https://www.virustotal.com/de/url/6671096f3f434b58d889520e044498210faf3944dae80d8a5a084fd47ee0e3a6/analysis/1396003406/
  • http://www.senderbase.org/senderbase_queries/detailip?search_string=14.02.24.01
Second IP:
83.136.83.241   (Germany)
  • https://www.virustotal.com/de/url/248549c14fcab8bb31ebba0e20bc506f52d4070c0eb6fe42fbb7a48ab258dca9/analysis/1396118848/
THAT IS ALSO THE REASON WHY THIS POST (DOMAIN www.ereatvipgame.la) IS CONNECTED TO ratgeberplatz.com, as they use the same SPAM Server:

http://stayaway2.blogspot.com/2014/03/phishing-spam-from-wwwereatvipgamela-in.html

THIS IS THE REASON WHY ratgeberplatz.com IS ALSO INVOLVED IN THE FOLLOWING POST (Casino phishing www.ereatvipgame.la), as both use the same SPAM SERVER IP ADDRESS:

http://stayaway2.blogspot.com/2014/03/phishing-spam-from-wwwereatvipgamela-in.html

3/28/2014

Packed.Win32.Black.d (+ Win32/Injector) @:
windowssoftwaire.eu5.org
(IP: 5.9.106.214)
GERMANY



MALWARE SITE:
1 - Packed.Win32.Black.d
2 - Win32/Injector
3 - HIDDEN IFRAME


DOMAIN:
http://windowssoftwaire.eu5.org/
  • https://www.virustotal.com/de/url/cf360dffa24a58212c44d2340e2aeacac62031d1b06ac3a968f2e13edb33d41e/analysis/1396014984/
---> HIDDEN IFRAME TO
http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250&site=1580851&section_code=ADO3b
  • https://www.virustotal.com/de/url/639f767bb6de5e8b70499590e7c3a38ca047d1eb77b39e53b94b4aed4333148a/analysis/1396015602/
http://windowssoftwaire.eu5.org/PBDownForce.rar
  • https://www.virustotal.com/de/url/5fdf9ca80cddf232ad2ff32fe776e75eaa91283e858546e6902de39318734e59/analysis/1396014869/
MALWARE:
Packed.Win32.Black.d
  • https://www.virustotal.com/de/file/8f937adfb1ba4f2dcb2554a4a78d579438eec4351301141424f529ff1a17c0c3/analysis/1396014875/
ALSO:
http://windowssoftwaire.eu5.org/KeyText.rar
  • https://www.virustotal.com/de/url/b8dff45c4625e721c13fe7972f0c45ad5eebd3b0e4b7f634c98e155b87346242/analysis/1396016110/
Win32/Injector
  • https://www.virustotal.com/de/file/c5eb9f43af160569196b28476a3b89fcfde89dee6399c06e71766ff39a5763fb/analysis/1396016120/
IP:
5.9.106.214
  • https://www.virustotal.com/de/url/c675d95e168a09cbf8361aef286347b2473c933d8082578acee280d0607dd564/analysis/1396020096/
  • https://www.virustotal.com/de/ip-address/5.9.106.214/information/
BHA: 2.949
  • https://www.projecthoneypot.org/ip_5.9.106.214
HTML CODE CAN BE FOUND HERE:

Document hosting: UploadEdit.com

3/20/2014

SPYWARE DOMAIN: terra.mastertop100.net
TROJAN REDIRECTOR (Pagesinxt Malicious Redirect)

USA-RUSSIA-CANADA-Virgin-Islands
NORWAY-NETHERLANDS-FRANCE-ITALY


MALICIOUS DOMAIN:
SPYWARE - TROJAN REDIRECTOR 

USA-RUSSIA-CANADA-Virgin-Islands-NORWAY-NETHERLANDS-FRANCE-ITALY
http://terra.mastertop100.net/
  • https://www.virustotal.com/de/url/b99bc9716fa430c1e0417a758ddf03d3eaf1ca33f8619da37756c61e8469e559/analysis/1395328043/
Pagesinxt Malicious Redirect
  • https://urlquery.net/report.php?id=1395328112708
FOR FULL REPORT .txt ICON:

Document hosting: UploadEdit.com

3/18/2014

Just another Spam, from...
www.ratgeberplatz.com:
"Achieve your dreams in 2014 - A debt-free future"
("Make your dreams come true in 2014 - Your future out of debt")

from Australia & Germany

English:


www.ratgeberplatz.com is a spam domain. Just delete those mails. Do not click "unsubscribe newsletter". If you do, they will only register that you have read the mail, and the spamming will get worse! See screenshot.


For German-speaking readers:


www.ratgeberplatz.com is clearly a spam domain. These mails can safely be deleted. Just don't click "unsubscribe newsletter". The only thing that happens afterwards is that you get even more spam from this domain, because by clicking you have given yourself away, and the domain ratgeberplatz.com now knows that you have read the e-mail! See screenshot.

Related Posts:

IN THIS CASE THE ORIGINATING IP ADDRESS IS:
14.02.15.21 (AUSTRALIA)
AS4739 Internode Pty Ltd

  • https://www.virustotal.com/de/url/a60f76f2fa705159fd37cafe947fa4e01681ae42ecc3b80554695bcc238a8fd9/analysis/1395151319/

3/16/2014

PHISHING SITE:
"Observations on film art" www.davidbordwell.net (IP: 70.39.234.97)
PUA.Phishing.Bank (UNITED STATES)

PHISHING SITE: PUA.Phishing.Bank
http://www.davidbordwell.net/blog/index.html
  • https://www.virustotal.com/de/url/2adce51d608b3c939dc1a2c19a9b387aa2e6fe66e750bebf737767133506d85e/analysis/1394996663/
PUA.Phishing.Bank
  • https://www.virustotal.com/de/file/853a64746b075e1b5d0d7b2eb41c605ddfbfbd4c4b03302ccdde31464ee0f44f/analysis/1394996609/
  • http://virusscan.jotti.org/de/scanresult/7be1f7e378ee2d12adabc4bde73a129e28260178
  • http://jsunpack.jeek.org/?report=22adb95eb82f0ea13915cb3bf77dbae3d100e346
IP:
http://70.39.234.97/
  • https://www.virustotal.com/de/url/56d002a4058f32470c9a5e3add7ffcc5143e77faf1d304a975afbfe9c78ab544/analysis/1394998293/
  • https://www.virustotal.com/de/ip-address/70.39.234.97/information/

PHISHING SITE:
"Ihr Versicherungs Info Blog" isore.de (IP: 141.0.23.37)
PUA.Phishing.Bank GERMANY


MALICIOUS DOMAIN: PUA.Phishing.Bank
http://isore.de/
  • https://www.virustotal.com/de/url/cd05f3ccda0c44e076fbef633074dfaf92f162e60532181f6f89c56cfe1fdf2d/analysis/1394969151/
PUA.Phishing.Bank
  • https://www.virustotal.com/de/file/b8d40881840b183b2a270ceea0c4e0832766ff61c0cbee3a5e33f182d55614c5/analysis/1394968898/
  • http://virusscan.jotti.org/de/scanresult/907bdcf1d4ce04602e10f6515090ab131201912a
  • http://jsunpack.jeek.org/?report=e7eb3bb765ed738fe2a1390cdf65014d15d6f2a1
IP:
http://141.0.23.37/
  • https://www.virustotal.com/de/url/5d08ba1be1ae978c9a6f17ffc4998aea90204e76ec77f8e5e2d569e93c9f7ea1/analysis/1394970114/
  • https://www.virustotal.com/de/ip-address/141.0.23.37/information/

3/15/2014

Malicious/Suspicious Shellcode (Length 367/362):
Domains da-tom.de & www.x-7.de
Involved in Malicious Activities
(GERMANY)



MALICIOUS DOMAIN (da-tom.de)
WITH MALICIOUS SHELLCODE

http://www.x-7.de/
  • https://www.virustotal.com/de/url/8f45318803da1480fb37c429f4867128639f02b652c8081725b5094b1ba63faf/analysis/
THIS LINK HAS (HAD) 2 HIDDEN IFRAMES:

http://www.x-7.de/zirbel/archiv/01-okt/01-10-18.htm

1) http://sm7.sitemeter.com/js/counter.asp@site=sm7burschi
  • https://www.virustotal.com/de/url/3eb5ca2543a97a6f328224628b0cdbe44c5c0b483cd5c5f039708cc6b6abf3d4/analysis/
  • https://www.virustotal.com/de/file/d5b10953ba949844a4ce4501f3f2cb079daa5f5eb8323b9580aef1f7eac899aa/analysis/1394858312/
2) http://da-tom.de/index.html
  • https://www.virustotal.com/de/url/724c6bf4ee6b5d900b4e9cc2885992b7339cdd0a6422e42e1d5973ab97e6b8fa/analysis/1394897761/
Heuristic.LooksLike.HTML.Suspicious-URL.H
  • https://www.virustotal.com/de/file/e24b03b63d7c7bd98e9d033c5f33d03d21240bfff1ca6e48cc691954e205ff69/analysis/1394897389/
Malicious: Shellcode URL= https:/www.tumblr.com/login
Suspicious: Shellcode of length 367/362
  • http://jsunpack.jeek.org/?report=c01b80ad328fd7e709a043e7992f87d98ea41d4b
  • https://urlquery.net/report.php?id=9912306
  • https://urlquery.net/report.php?id=9912311
IP =

http://66.6.44.4/ (NEW YORK, United States)
  • https://www.virustotal.com/de/url/86cb910a3b1312fb45f4e4f4f00e29f4837e887226027d22717dffade9916097/analysis/1394902018/
  • https://www.virustotal.com/de/ip-address/66.6.44.4/information/
HTML:
WHICH SAYS:  
Whatever you were looking for doesn't currently exist at this address. Unless you were looking for this error page, in which case: Congrats! You totally found it.
  • https://www.virustotal.com/de/file/8dff95da15fc0496a51c88006fefcc4fc1d7f84eae5243d9a6c1f88dddf3bbf3/analysis/
5 Bad Host Appearances
  • https://www.projecthoneypot.org/ip_66.6.44.4
FOR FULL REPORT SEE .txt ICON (MINORITY REPORT):
Document hosting: UploadEdit.com