
Showing posts with the label Germany. Show all posts

4/15/2014

www.ensemble-berlin.de
infected with SEO SPAM (Viagra & Co.)
ROGUE MEDICATIONS PHISHING
IP: 80.67.31.164 & 5.61.42.211
GERMANY



MALICIOUS RUSSIAN PILLS PHISHING URL:
TDS URL pattern
http://www.ensemble-berlin.de/
  • https://www.virustotal.com/de/url/fa621d60d52c535f849c29fe9327a46e2248dedcc24fbe3ccf58388cad5c5c85/analysis/1397567841/
http://www.ensemble-berlin.de/viagra-rezeptfrei-lander.html
  • https://www.virustotal.com/de/url/c516b883ef52e0fef2b2884bcad2b97ecb7db4c9cd1037a847e1d082523cc5a7/analysis/1397566470/
TDS URL pattern
  • https://urlquery.net/report.php?id=1397566888166

  • https://urlquery.net/report.php?id=1397566887262

  • https://urlquery.net/report.php?id=1397566892018
---->
http://tds.cigarettescheap.net/
  • https://www.virustotal.com/de/url/108ea225a2cbc221f9a087fbcc49495921fa191d9fb0358385673df27b0a805d/analysis/1397567431/
TDS URL pattern
  • https://urlquery.net/report.php?id=1397567579389
----->
http://apharmshop.com/
  • https://www.virustotal.com/de/url/a0cf825561616bba65374be8a7b676cbfeb2964a47b08a7a566c186b4d511158/analysis/1397567650/
------>
http://edapotek.eu/
  • https://www.virustotal.com/de/url/796f23f603e37c30c96323a5a17e9240452213df055795e53fc2d94b4965c37c/analysis/1397567302/

4/13/2014

"Blacksher Hall, Learn the secrets of top businesses in your industry"
SPAM AGAIN from:
ci33.actonsoftware.com
IP: 207.189.124.33

Englewood, COLORADO, UNITED STATES
(merchantcentric.com IP: 184.168.221.18)



Learn the secrets of top businesses in your industry as well as local competitors
Hi Blacksher Hall,

We have identified Atlanta Botanical Garden as the business in your industry with a high total marketing score of 1253. Create your free account to learn more about what they are doing and what makes up Blacksher Hall's score of 39, as of February 26, 2014.

We scan these top sites and more ...

Atlanta Botanical Garden may not be a direct competitor, however, seeing what they are doing to market themselves online can give you ideas for how to attract more customers. Merchant Centric will help you increase Blacksher Hall's marketing score from its current score of 39 by giving you unique insights into the competition.

Try it for free. No credit card required. Cancel at anytime.

    See what makes up Blacksher Hall's marketing score
    See what Atlanta Botanical Garden is doing to attract customers
    Pick other local competitors to see how you compare and learn what they are doing

Sign up for a free trial. No risk. No commitment.

Want to learn more? View Merchant Centric features.

Don't miss important alerts for Blacksher Hall

For more information, please visit merchantcentric.com

"Real" Links marked on MAIL-Screenshot
SPAM DOMAIN FROM GERMANY:
http://merchantcentric.com/
  • https://www.virustotal.com/de/url/2655175568ddab160a5f3a07cb4f6bb08eb47b5970460bd619de5d3dc1ad195e/analysis/1397212380/
THROUGH:
http://b2b-mail.net/
  • https://www.virustotal.com/de/url/a0bf735206b0ae297b5fc69b8bbc14d42c1449cf671e3f04db456c138c372871/analysis/1397212963/
  • https://www.mywot.com/en/scorecard/b2b-mail.net
"Real" LINKS (DOMAIN):
http://ci33.actonsoftware.com/
  • https://www.virustotal.com/de/url/d79508e04f1cebce60a2a5688ffe2e7bd9b2947a88bd165aab3f8d95eb7a203f/analysis/1397395024/



Redirects to: --->
http://www.actonsoftware.com/
  • https://www.virustotal.com/de/url/c5a38ba5fa2fa2610f32289824f259f551f7cfe17deace24f5b0bed532861069/analysis/1397397880/


Redirects to: --->
http://www.act-on.com/
  • https://www.virustotal.com/de/url/3825d42cb168ac6c02c2658039f6c9fe8c85dd38d9a73f75104fa0011a318655/analysis/1397398511/
HTML
  • https://www.virustotal.com/de/file/3d0425fd14e9054f8aad1949bcfef92f734ff1260370a865434af77ee2253f6d/analysis/1397394944/

Goes to:
http://code.jquery.com/jquery-latest.min.js
  • https://www.virustotal.com/de/url/726054b5aa9f603f7350b016e0d0e9656d0b36d24bc19cedf14efce395e4eeb9/analysis/1397397801/
AS WELL, HIDDEN IFRAME FOUND:
http://www.act-on.com/contact
  • https://www.virustotal.com/de/url/030e98abfbd9c463bdc1146846b6007db4fe30962d7c0fb6bb494fb828e53a18/analysis/1397399608/
W32.HfsIframe
  • https://www.virustotal.com/de/file/74f5fc3c7f530b15e849fad2696317a3c6bacb3aa3872918a04efe8f8cd8c768/analysis/1397399505/
Iframe:
http://flex.atdmt.com/mstag/tag/4a37b15a-3ef1-4a8b-a371-479fb864947c/conversion.html?cp=5050&dedup=1
  • https://www.virustotal.com/de/url/e3ea0036dd7351f6ae4bc2a4c58b3faa857651b8067f01386ea7cf8c68bb4ca0/analysis/1397399819/
--->
http://r.msn.com/?cp=5050&dedup=1
  • https://www.virustotal.com/de/url/c07e4f9ce3ba7d0590a15ec7b77abc9648d8488da09350ccdb9c5a1b6ef0ac38/analysis/
<--- iframe src="//flex.atdmt.com/mstag/tag/4a37b15a-3ef1-4a8b-a371-479fb864947c/conversion.html?cp=5050&dedup=1" frameborder="0" scrolling="no" width="1" height="1" style="visibility:hidden;display:none" --->
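A 1x1 iframe with visibility:hidden;display:none, like the one quoted above, is easy to overlook when reading page source. The following Python script is added here as an example (it is not code from the post) and scans HTML for iframes hidden by size or CSS and reports why each was flagged; the sample page is constructed for the demo and reuses the iframe tag quoted above next to a normal visible iframe.

```python
import re
from html.parser import HTMLParser

# Constructed sample page: the hidden 1x1 iframe quoted in the post plus a
# normal, visible iframe that must NOT be flagged.
SAMPLE_HTML = """
<html><body>
<p>Contact us</p>
<iframe src="//flex.atdmt.com/mstag/tag/4a37b15a-3ef1-4a8b-a371-479fb864947c/conversion.html?cp=5050&dedup=1"
        frameborder="0" scrolling="no" width="1" height="1"
        style="visibility:hidden;display:none"></iframe>
<iframe src="https://www.example.org/embed/video" width="560" height="315"></iframe>
</body></html>
"""


def _px(value):
    """Parse a width/height attribute such as '1', '1px' or '300'; None if absent."""
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None


def hidden_reasons(attrs):
    """Return the list of reasons an <iframe> looks hidden (empty list = visible)."""
    reasons = []
    w, h = _px(attrs.get("width")), _px(attrs.get("height"))
    if w is not None and h is not None and w <= 1 and h <= 1:
        reasons.append(f"size {w}x{h}")
    style = attrs.get("style", "").replace(" ", "").lower()
    for needle in ("display:none", "visibility:hidden", "opacity:0"):
        if needle in style:
            reasons.append(needle)
    # Positioned far off-screen, e.g. left:-9999px, is another common trick.
    if re.search(r"(^|;)(left|top):-\d{3,}", style):
        reasons.append("offscreen")
    return reasons


class HiddenIframeFinder(HTMLParser):
    """Collects every <iframe> start tag together with its hidden-ness verdict."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "iframe":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        reasons = hidden_reasons(a)
        self.findings.append({"src": a.get("src", ""), "hidden": bool(reasons), "reasons": reasons})


def find_hidden_iframes(html):
    """Return only the iframes that are hidden, each with src and reasons."""
    parser = HiddenIframeFinder()
    parser.feed(html)
    return [f for f in parser.findings if f["hidden"]]


if __name__ == "__main__":
    for f in find_hidden_iframes(SAMPLE_HTML):
        print(f"hidden iframe -> {f['src']}  ({', '.join(f['reasons'])})")
```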
----------------------------------------------------------------------------------------------------------------------------------------------
IP:
http://207.189.124.33/

  • https://www.virustotal.com/de/url/6a7a91121e48253bb0b7919c01301015ae52960e711c7ee43b3df740e5d5059a/analysis/1397401056/

  • https://www.virustotal.com/de/ip-address/207.189.124.33/information/
---> REDIRECTS TO (NON EXISTING DOMAIN - NX)
http://www.124.33?ao=1
  • https://www.virustotal.com/de/url/a6aeb1ae8617a7888e4c75593c9568c5ad47aba2219b6c726b0ae0edadc49229/analysis/1397401221/
  • http://wepawet.iseclab.org/view.php?hash=3c2a82642a3515ac82103829f31fbd2a&t=1397401105&type=js
See also:
http://wepawet.iseclab.org/view.php?hash=eb0c9b909fa7a3ceca628aa14d38975b&t=1397395059&type=js

RELATED POST:

Category MALICIOUS IP: Cutwail Spambot on IP 213.144.13.74 (Karlsruhe, GERMANY)
Pushdo Malware and Zeus Botnet - Dictionary Attacker


The IP Address 213.144.13.74 is listed in the CBL (Composite Blocking List). It appears to be infected with a spam sending trojan, proxy or some other form of botnet. It was last detected at 2014-04-10 13:00 GMT (+/- 30 minutes), approximately 2 days, 23 hours, 29 minutes ago.

This IP is infected (or NATting for a computer that is infected) with the Cutwail Spambot. In other words, it's participating in a botnet.


Cutwail is a complex infection and requires a number of steps to ensure that it's eradicated.

First, Cutwail spams out very high volumes, and is one of the largest vectors of malware on the Internet, and almost every cutwail infection also has a copy of the Pushdo (DDOS by web transaction) malware and/or the Zeus botnet. The Zeus botnet controls the Cutwail/Pushdo pair as well as does information stealing/keyboard logging. Hence, this is a very severe threat - not just to the owner of the infected computer, the other members of your internal network (if you have one) but the rest of the Internet too.

Second, there are two methods for detecting cutwail. One of the methods is by detecting the spams that cutwail sends. The other method does not work that way. This means that even if you block outbound port 25 from non-mail-servers on your local network, you can still detect a cutwail infection on your local network. This means that if you implement port 25 restrictions, you should implement logging so that you can detect what internal machines are being blocked by it and are thereby probably cutwail infections.

TO READ THE REST OF THIS ARTICLE, go to:

http://cbl.abuseat.org/lookup.cgi?ip=213.144.13.74
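The CBL advice quoted above (block outbound port 25 from non-mail-servers and log what gets blocked, because the blocked hosts are probably the infected ones) can be turned into a small detection. The following Python is added here as an example and is neither the CBL's nor this blog's code: it parses constructed iptables-style drop log lines and flags internal hosts that tried to reach several external MTAs directly; the log format, the relay address 192.168.10.2 and the fan-out threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed gateway log: the firewall drops outbound TCP/25 from everything
# except the internal mail relay and logs each drop. Sample data only.
SAMPLE_LOG = """\
Apr 10 12:58:01 gw kernel: [EGRESS-DROP] IN=eth1 OUT=eth0 SRC=192.168.10.23 DST=203.0.113.5 PROTO=TCP SPT=51234 DPT=25
Apr 10 12:58:02 gw kernel: [EGRESS-DROP] IN=eth1 OUT=eth0 SRC=192.168.10.23 DST=203.0.113.9 PROTO=TCP SPT=51235 DPT=25
Apr 10 12:58:02 gw kernel: [EGRESS-DROP] IN=eth1 OUT=eth0 SRC=192.168.10.23 DST=198.51.100.77 PROTO=TCP SPT=51236 DPT=25
Apr 10 12:58:03 gw kernel: [EGRESS-DROP] IN=eth1 OUT=eth0 SRC=192.168.10.23 DST=198.51.100.80 PROTO=TCP SPT=51237 DPT=25
Apr 10 12:59:10 gw kernel: [EGRESS-DROP] IN=eth1 OUT=eth0 SRC=192.168.10.40 DST=203.0.113.5 PROTO=TCP SPT=40111 DPT=25
Apr 10 12:59:30 gw kernel: [EGRESS-DROP] IN=eth1 OUT=eth0 SRC=192.168.10.55 DST=192.0.2.10 PROTO=TCP SPT=40222 DPT=80
"""

# Assumed iptables LOG format; adapt the pattern to your firewall's log line.
LINE_RE = re.compile(
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) PROTO=TCP SPT=\d+ DPT=(?P<dport>\d+)"
)

# Assumed: the only internal host allowed to talk SMTP to the outside.
MAIL_RELAY = {"192.168.10.2"}


def blocked_smtp_by_host(log_text):
    """Map each internal source to the set of external hosts it tried to reach on TCP/25."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("dport") != "25":
            continue  # not a dropped SMTP attempt
        src = m.group("src")
        if src in MAIL_RELAY:
            continue  # the relay is expected to speak SMTP
        hits[src].add(m.group("dst"))
    return dict(hits)


def probable_spambots(log_text, min_distinct_dsts=3):
    """Hosts fanning out to many different MTAs look like a spambot, not a misconfigured client."""
    return sorted(
        src for src, dsts in blocked_smtp_by_host(log_text).items()
        if len(dsts) >= min_distinct_dsts
    )


if __name__ == "__main__":
    for src, dsts in blocked_smtp_by_host(SAMPLE_LOG).items():
        print(f"{src}: {len(dsts)} blocked SMTP destination(s)")
    print("probable spambots:", probable_spambots(SAMPLE_LOG))
```

A single blocked attempt (192.168.10.40 above) is worth a look but may be a misconfigured mail client; the fan-out host is the one to isolate and scan first.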

As well Listed at SORBS:
  • http://www.au.sorbs.net/lookup.shtml

Listed at SPAMRATS:
  • http://www.spamrats.com/lookup.php?ip=213.144.13.74

A small report on this IP can be seen by clicking the .txt icon:


4/11/2014

IP: 184.168.221.18 merchantcentric.com
German SPAM & PHISHING Domain
"Blacksher Hall: See what your competitors are doing right now"
(Through b2b-mail.net)


SPAM DOMAIN FROM GERMANY:
http://merchantcentric.com/
  • https://www.virustotal.com/de/url/2655175568ddab160a5f3a07cb4f6bb08eb47b5970460bd619de5d3dc1ad195e/analysis/1397212380/


THROUGH:
http://b2b-mail.net/
  • https://www.virustotal.com/de/url/a0bf735206b0ae297b5fc69b8bbc14d42c1449cf671e3f04db456c138c372871/analysis/1397212963/
  • https://www.mywot.com/en/scorecard/b2b-mail.net
Related Post:
http://stayaway2.blogspot.com/2014/04/blacksher-hall-learn-secrets-of-top.html

4/01/2014

Video:
THE FREEDOM OF SPEECH
1st AM(erica)-(END?)MENT or (AMEN)dment or Simply
----> "Fiefdom of Speech"

Press TV's documentary program "Fiefdom of Speech" unfolds the scenario of pressure by the western countries and companies on the Iranian media especially Press TV and Hispan TV.




On April 3rd, 2012, Munich-based media regulator Bayerische Landeszentrale für neue Medien (BLM), announced it was removing Press TV from the SES Astra satellite, as they did not have a licence to broadcast in Europe. However, the channel's legal team submitted documents to the court that proved Press TV could broadcast under German law. An administrative court in Germany accepted Press TV's argument and the legal procedures began.

For more read the article at WP.

Real Comment Number 3 on COMMENT SPAM (with Malicious Link) !

ANONYMOUS WROTE:
"Whɑt's up, after reading this awesome paragraph..."
KEY COMMENT: "Stop by my website..."

scp.uma.pt/images/....... Portugal, Poland, Germany

This post exists (and will stay) to demonstrate what SPAM IN BLOGS (comment spam) is about and how to tell it apart from real comments! From here on it is monitored and followed. The IP data and domains involved are recorded, to track the frequency and to analyze the connections behind them. Suspicious connections (related to phishing, spambots, which they already are, and other fraudulent activities or behaviour) are not only recorded but also passed on to the appropriate agencies (i.e. IC3), which is done anyway. Special observations from outside can be addressed to me through IC3.

Reminder: every SPAM post is in any case forwarded to the appropriate address. Keep following.
-------------------------------------------------------------------------------------------------------------------------------------------

NUMBER 3:

Whɑt's up, after reading this awesome paragraph i am as well happy to share my experience here with mates. Stop by my website http://scp.uma.pt/images/1.php/what-is-biaxin-used-to-treat-ogqd.php
SPAM COMMENT MADE ON FOLLOWING POST:

http://stayaway2.blogspot.com/2014/01/category-malicious-domain_13.html
 
SCREENSHOT OF ANONYMOUS COMMENT SPAMMER
 
 
MW URL: PHISHING - ROGUE MEDS - TDS SUTRA
http://scp.uma.pt/images/1.php/what-is-biaxin-used-to-treat-ogqd.php
  • https://www.virustotal.com/de/url/b4ddfb4f5d1d6de3d7ac09bc3f9b86cf1e1152c431989be9ba128ebadcc902ed/analysis/1396334546/
TDS Sutra - redirect received
TDS Sutra - request in.cgi
  • https://urlquery.net/report.php?id=1396334666046
--->
http://getmarketschoice.com/in.cgi?12&parameter=what+is+biaxin+used+to+treat
  • https://www.virustotal.com/de/url/15b9552bdaaef5306203130d8ec521adc2ec02836e244a6c288660a77af1de9f/analysis/1396334968/
TDS Sutra - redirect received
  • https://urlquery.net/report.php?id=1396335061174
---->
http://okpillsbest.com/catalog/Antibiotics/Biaxin.htm
  • https://www.virustotal.com/de/url/817a3dad94af46f7e84cf077bf34f54888b21bf8df5e2b7aa8c58a00dc3437e4/analysis/
  • https://urlquery.net/report.php?id=1396335569086
IPs:
http://193.136.232.84/
  • https://www.virustotal.com/de/url/6e4f5bd49883788be5d2d08199a76341d1b5a44a5e1054a20bbb2999170950aa/analysis/1396335823/
http://91.230.205.65/
  • https://www.virustotal.com/de/url/cd4912b45256be4f214fd289ed20c225c7d68e236e44c78895ffe3fb862f847d/analysis/1396335909/
  • https://www.virustotal.com/de/ip-address/91.230.205.65/information/
http://176.9.192.16/
  • https://www.virustotal.com/de/url/4c8e99a657d39784c9bd79d726db6b96677fbb9e575d28bc2eb704caa08c7257/analysis/1396336061/
  • https://www.virustotal.com/de/ip-address/176.9.192.16/information/
http://95.169.190.160/
  • https://www.virustotal.com/de/url/00dfaf1d27128c8f8f00b91a82a1f3a259e51042b504b784c7fa970efaaa2424/analysis/1396336268/
  • https://www.virustotal.com/de/ip-address/95.169.190.160/information/
Spider Sightings: 14
  • https://www.projecthoneypot.org/ip_95.169.190.160

3/29/2014

Just another Spam, from...
www.ratgeberplatz.com:
„Your application. Your salary: up to 300 Euro per day!
(With all these applications I really ought to be a millionaire by now...)“
(„Your application for employment“)

from Australia & Germany (IP: 14.2.24.1)

English:


www.ratgeberplatz.com is a spam domain. Just delete those mails. Do not click "unsubscribe newsletter". If you do, they will only register that you have read the mail, and the spamming will get worse! See screenshot.

Related Posts:

Just another SPAM-Screenshot from....ratgeberplatz.com

Good day,
You have been selected! We are now providing you, exclusively, with the knowledge for your new side job. Your salary: up to 300 Euro per day!

After your free registration you immediately receive free knowledge and can get started.

Click here:
http://mailings.ratgeberplatz.com/tracker.php

For German-speaking readers:


www.ratgeberplatz.com is clearly a spam domain. These mails can safely be deleted. Just do not click "unsubscribe newsletter". The only thing that happens afterwards is that you receive even more spam from this domain, because by clicking you have given yourself away and the domain ratgeberplatz.com now knows that you have read the e-mail! See screenshot.


IN THIS CASE THE ORIGINATING IP ADDRESS IS:
14.2.24.1   (Australia)
  • https://www.virustotal.com/de/url/6671096f3f434b58d889520e044498210faf3944dae80d8a5a084fd47ee0e3a6/analysis/1396003406/
  • http://www.senderbase.org/senderbase_queries/detailip?search_string=14.02.24.01
Second IP:
83.136.83.241   (Germany)
  • https://www.virustotal.com/de/url/248549c14fcab8bb31ebba0e20bc506f52d4070c0eb6fe42fbb7a48ab258dca9/analysis/1396118848/
THAT IS ALSO THE REASON WHY THIS POST (DOMAIN www.ereatvipgame.la) IS CONNECTED TO ratgeberplatz.com, as they use the same SPAM Server:

http://stayaway2.blogspot.com/2014/03/phishing-spam-from-wwwereatvipgamela-in.html

THIS IS THE REASON WHY ratgeberplatz.com is also involved in the following POST (casino phishing www.ereatvipgame.la), as both use the same SPAM SERVER IP address:

http://stayaway2.blogspot.com/2014/03/phishing-spam-from-wwwereatvipgamela-in.html

3/28/2014

Stop ! This Website Is Not Safe !
Psssst...i am OUTING myself....so, beware...
Not only since yesterday has this blog been stamped a PHISHING site (by BD (BitDefender))... This POST (threat) will be kept updated.
Sooner or later. And Fortinet jumped into it (Today. The NET).
Riddle: Find out why...it started...! STAY TUNED !

STOP ! THIS WEBSITE is NOT Safe 
  • http://trafficlight.bitdefender.com/info?url=http://stayaway2.blogspot.com
THE BEGINNING: (AS I SAID, SOME (delicate) INFO WILL BE UPDATED). BitDefender is a GERMAN/ROMANIAN "Fusion?"itis.

The more Hacking, the more will publish. The Circle of Life makes not halt in Front of...BD...who is working EAST(Ward)s !!!


The end of defending Bits (or bytes)



Happy Eastern to ALL (and to myself, i almost forgot): But Never Forget: Kaspersky is the RULE !! Is someone heading EAST ? Or WEST ?? Hitchhike.....

And https://www.virustotal.com/de/user/BMonday/

:D

Packed.Win32.Black.d (+ Win32/Injector) @:
windowssoftwaire.eu5.org
(IP: 5.9.106.214)
GERMANY



MALWARE SITE:
1 - Packed.Win32.Black.d
2 - Win32/Injector
3 - HIDDEN IFRAME


DOMAIN:
http://windowssoftwaire.eu5.org/
  • https://www.virustotal.com/de/url/cf360dffa24a58212c44d2340e2aeacac62031d1b06ac3a968f2e13edb33d41e/analysis/1396014984/
---> HIDDEN IFRAME TO
http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250&site=1580851&section_code=ADO3b
  • https://www.virustotal.com/de/url/639f767bb6de5e8b70499590e7c3a38ca047d1eb77b39e53b94b4aed4333148a/analysis/1396015602/
http://windowssoftwaire.eu5.org/PBDownForce.rar
  • https://www.virustotal.com/de/url/5fdf9ca80cddf232ad2ff32fe776e75eaa91283e858546e6902de39318734e59/analysis/1396014869/
MALWARE:
Packed.Win32.Black.d
  • https://www.virustotal.com/de/file/8f937adfb1ba4f2dcb2554a4a78d579438eec4351301141424f529ff1a17c0c3/analysis/1396014875/
ALSO:
http://windowssoftwaire.eu5.org/KeyText.rar
  • https://www.virustotal.com/de/url/b8dff45c4625e721c13fe7972f0c45ad5eebd3b0e4b7f634c98e155b87346242/analysis/1396016110/
Win32/Injector
  • https://www.virustotal.com/de/file/c5eb9f43af160569196b28476a3b89fcfde89dee6399c06e71766ff39a5763fb/analysis/1396016120/
IP:
5.9.106.214
  • https://www.virustotal.com/de/url/c675d95e168a09cbf8361aef286347b2473c933d8082578acee280d0607dd564/analysis/1396020096/
  • https://www.virustotal.com/de/ip-address/5.9.106.214/information/
BHA: 2.949
  • https://www.projecthoneypot.org/ip_5.9.106.214
HTML CODE CAN BE FOUND HERE:


3/18/2014

Just another Spam, from...
www.ratgeberplatz.com:
„Achieve your dreams in 2014 - A debt-free future“
(„Make your dreams come true in 2014 - Your future out of debt“)

from Australia & Germany

English:


www.ratgeberplatz.com is a spam domain. Just delete those mails. Do not click "unsubscribe newsletter". If you do, they will only register that you have read the mail, and the spamming will get worse! See screenshot.

Related Posts:

  


For German-speaking readers:


www.ratgeberplatz.com is clearly a spam domain. These mails can safely be deleted. Just do not click "unsubscribe newsletter". The only thing that happens afterwards is that you receive even more spam from this domain, because by clicking you have given yourself away and the domain ratgeberplatz.com now knows that you have read the e-mail! See screenshot.

Related articles:

IN THIS CASE THE ORIGINATING IP ADDRESS IS:
14.02.15.21 (AUSTRALIA)
AS4739 Internode Pty Ltd

  • https://www.virustotal.com/de/url/a60f76f2fa705159fd37cafe947fa4e01681ae42ecc3b80554695bcc238a8fd9/analysis/1395151319/

MALICIOUS BLOGVISITOR: kukutrustnet777.info
GERMANY, PORTUGAL, United States of AMERICA
IP: 74.208.164.166
Network Owner 1&1 Internet
Involved in Illegal Activities

MALICIOUS BLOGVISITOR: W32 SALITY

DOMAIN:
http://kukutrustnet777.info/
  • https://www.virustotal.com/de/url/70f3e502cfb9f161deb3b606b4d4834f9b8eaaa0d7e22643abb245a528bdab26/analysis/1395148434/
SPECIFIC VISITING LINK:
http://kukutrustnet777.info/?177ab=96171
  • https://www.virustotal.com/de/url/de1a0fef4a8468c1503ad39bec362804625dfba783f852223656a3aceee1ff9a/analysis/1395148539/
  • https://urlquery.net/search.php?q=kukutrustnet&type=string&start=2011-06-25&end=2014-03-18&max=50
IP:
http://74.208.164.166/
  • https://www.virustotal.com/de/url/694476a661091a3bacdc0e374b785b127d8eef67592e7231fa202576b79d305a/analysis/1395149571/
Involved in Illegal Activities
  • http://www.senderbase.org/lookup/?search_string=74.208.164.166
  • https://www.virustotal.com/de/ip-address/74.208.164.166/information/
NETWORK OWNER: 1&1 Internet

TROJAN JScripts @ www.fahrradreisen.de
(IP: 82.165.1.172) GERMANY


Malware Domain: TROJAN JS

http://www.fahrradreisen.de/
https://www.virustotal.com/de/url/506a128026ca7a4fb0851122d8fb6a33b28e368b58cd79c0113e32c3f9e92163/analysis/1395078178/
HTML:
https://www.virustotal.com/de/file/324fd828e7ae9d8bf61ae80bda3bbec77ed20f3e1dd8779a0ca592840edc3ff6/analysis/

MALICIOUS SCRIPTS:
1) http://www.fahrradreisen.de/javascript/rrdb/country_region.js
https://www.virustotal.com/de/url/47643eaec0e017e6490e4cd12c5e7c3e5ed396cea92d9525586550c337bb858d/analysis/
TROJAN REDIRECTOR
https://www.virustotal.com/de/file/d000c86205f8d23a4fab1d9e886c707e597562f11b44d60b8835a2a8a5ee346c/analysis/1395078501/
http://jsunpack.jeek.org/?report=27ab2cfdad6ab55928a3c0c3eb62bb78866fd70c

2) http://www.fahrradreisen.de/javascript/jquery/1.4.2/jquery.min.js
https://www.virustotal.com/de/url/a13cf4f915ad4bcf42c4cd950f4142fa85256a4707d81f3898fb09b1fcbf7da2/analysis/1395078501/
JS/Exploit-Blacole.lj
https://www.virustotal.com/de/file/f71239bdb40fa6b4fdd51366dcbbaebde7470967a478f3895a812a190bcc1666/analysis/1395078506/

3/16/2014

PHISHING SITE:
"Ihr Versicherungs Info Blog" isore.de (IP: 141.0.23.37)
PUA.Phishing.Bank GERMANY


MALICIOUS DOMAIN: PUA.Phishing.Bank
http://isore.de/
  • https://www.virustotal.com/de/url/cd05f3ccda0c44e076fbef633074dfaf92f162e60532181f6f89c56cfe1fdf2d/analysis/1394969151/
PUA.Phishing.Bank
  • https://www.virustotal.com/de/file/b8d40881840b183b2a270ceea0c4e0832766ff61c0cbee3a5e33f182d55614c5/analysis/1394968898/
  • http://virusscan.jotti.org/de/scanresult/907bdcf1d4ce04602e10f6515090ab131201912a
  • http://jsunpack.jeek.org/?report=e7eb3bb765ed738fe2a1390cdf65014d15d6f2a1
IP:
http://141.0.23.37/
  • https://www.virustotal.com/de/url/5d08ba1be1ae978c9a6f17ffc4998aea90204e76ec77f8e5e2d569e93c9f7ea1/analysis/1394970114/
  • https://www.virustotal.com/de/ip-address/141.0.23.37/information/

3/15/2014

Malicious/Suspicious Shellcode (Length 367/362):
Domains da-tom.de & www.x-7.de
Involved in Malicious Activities
(GERMANY)



MALICIOUS DOMAIN (da-tom.de)
WITH MALICIOUS SHELLCODE

http://www.x-7.de/
  • https://www.virustotal.com/de/url/8f45318803da1480fb37c429f4867128639f02b652c8081725b5094b1ba63faf/analysis/
THIS LINK HAS (HAD) 2 HIDDEN IFRAMES:

http://www.x-7.de/zirbel/archiv/01-okt/01-10-18.htm

1) http://sm7.sitemeter.com/js/counter.asp@site=sm7burschi
  • https://www.virustotal.com/de/url/3eb5ca2543a97a6f328224628b0cdbe44c5c0b483cd5c5f039708cc6b6abf3d4/analysis/
  • https://www.virustotal.com/de/file/d5b10953ba949844a4ce4501f3f2cb079daa5f5eb8323b9580aef1f7eac899aa/analysis/1394858312/
2) http://da-tom.de/index.html
  • https://www.virustotal.com/de/url/724c6bf4ee6b5d900b4e9cc2885992b7339cdd0a6422e42e1d5973ab97e6b8fa/analysis/1394897761/
Heuristic.LooksLike.HTML.Suspicious-URL.H
  • https://www.virustotal.com/de/file/e24b03b63d7c7bd98e9d033c5f33d03d21240bfff1ca6e48cc691954e205ff69/analysis/1394897389/
Malicious: Shellcode URL= https:/www.tumblr.com/login
Suspicious: Shellcode of length 367/362
  • http://jsunpack.jeek.org/?report=c01b80ad328fd7e709a043e7992f87d98ea41d4b
  • https://urlquery.net/report.php?id=9912306
  • https://urlquery.net/report.php?id=9912311
IP =

http://66.6.44.4/ (NEW YORK, United States)
  • https://www.virustotal.com/de/url/86cb910a3b1312fb45f4e4f4f00e29f4837e887226027d22717dffade9916097/analysis/1394902018/
  • https://www.virustotal.com/de/ip-address/66.6.44.4/information/
HTML:
WHICH SAYS:  
Whatever you were looking for doesn't currently exist at this address. Unless you were looking for this error page, in which case: Congrats! You totally found it.
  • https://www.virustotal.com/de/file/8dff95da15fc0496a51c88006fefcc4fc1d7f84eae5243d9a6c1f88dddf3bbf3/analysis/
5 Bad Host Appearances
  • https://www.projecthoneypot.org/ip_66.6.44.4
FOR FULL REPORT SEE .txt ICON (MINORITY REPORT):

3/14/2014

Just another Spam, from...
www.ratgeberplatz.com:
„Secure a 15 Euro voucher at BAUR“
(„Get your 15 Euro voucher from BAUR, just like that!“)

from Germany

English:


www.ratgeberplatz.com is a spam domain. Just delete those mails. Do not click "unsubscribe newsletter". If you do, they will only register that you have read the mail, and the spamming will get worse! See screenshot.

Related Posts:



Just another SPAM SCREENSHOT from ratgeberplatz.com...


For German-speaking readers:


www.ratgeberplatz.com is clearly a spam domain. These mails can safely be deleted. Just do not click "unsubscribe newsletter". The only thing that happens afterwards is that you receive even more spam from this domain, because by clicking you have given yourself away and the domain ratgeberplatz.com now knows that you have read the e-mail! See screenshot.

Related articles:

Interested readers can also read this article:
http://www.it-recht-kanzlei.de/abmahnung-unverlangt-zugesandter-email-newsletter.html 

3/12/2014

BAYER 04 LEVERKUSEN TRACKING FANS:
www.bayer04.de & Obfuscated PUA
(Leverkusen, GERMANY)


MALICIOUS BACKGROUND INTENT:
OBFUSCATED JS (PUA, TRACKER, SPYING) OUTSIDE THE HTMLSRC-HEADER

http://www.bayer04.de/
  • https://www.virustotal.com/de/url/b7d931cbc1a767be418ce46c6a010fc0c55d8cf7efd19ea827c0efc7ba8b6f46/analysis/1394658933/
Obfuscated PUA Link:
http://www.bayer04.de/webtrekk/webtrekk.js
  • https://www.virustotal.com/de/url/8a7ee2b1aed1dbbf6ee9e775ad9e098523120650cbf3248df0b8d5b118a6151b/analysis/1394659517/
PUA.JS.Obfus-2
  • https://www.virustotal.com/de/file/e004c9f7e78fa72379e72f04b2b897ec3f57f74675d25966c9cd1b6b5ad1ba84/analysis/1394659379/
  • http://virusscan.jotti.org/de/scanresult/725ffacc8f21b11ad85a21ba3b1c435d501aba89
IP =
http://184.25.102.88/
  • https://www.virustotal.com/de/url/55b77a9dbfd0212684dd8e10f930ab2db452cb09099358806dc2f5ac05bf1dc0/analysis/1394661164/
  • https://www.virustotal.com/de/ip-address/184.25.102.88/information/

3/11/2014

DAILY PHISH, SPAM & SCAM:
news.online-surftipps.com & gratisinfoservice.de (IP 2.1.8.110)
"Revolutionary business idea:
Get in, and lose your entire fortune in the process"

FRANCE & GERMANY

Dear Sir or Madam,

There is now a new revolutionary business model with which you can enter one of the largest markets worldwide.

Find out which one here.
http://gratisinfoservice.de/ilead.php?prodid=_&agent=_
SCAM-Screenshot
http://gratisinfoservice.de/
  • https://www.virustotal.com/de/url/e1b612f6268292103b7df2845a421146f141143c714ef342b3a66f20b20eea8b/analysis/1394563241/
http://gratisinfoservice.de/ilead.php
  • https://www.virustotal.com/de/url/5a7fbc141a4903d49a1ef4f967d29681d710596b9497007d9319d6f4f6f29ddf/analysis/
Originating IP

2.1.8.110
  • https://www.virustotal.com/de/url/f511e3823cedc584bdcd55ec4b788197390a851dcf630c4398caba3cbc929d36/analysis/1394563757/

LISTED AT SPAMHAUS (PBL):
  • http://www.spamhaus.org/query/bl?ip=2.1.8.110

Email Reputation: Poor
  • http://www.senderbase.org/lookup/?search_string=2.1.8.110
------------------------------------------------------------------------------------------------------------------------

http://news.online-surftipps.com/
  • https://www.virustotal.com/de/url/9b289c2e28e2790291f4b6fad96c31623ea5894c4867379652d4adbda52f3b38/analysis/1394563975/

3/10/2014

Newly Detected: HEUR:Trojan.Script.Generic @ doxyworld.pagesperso-orange.fr (IP: 193.252.122.54) FRANCE, GERMANY


NEWLY DETECTED MALWARE PAGE: HEUR:Trojan.Script.Generic

DOMAIN:
http://doxyworld.pagesperso-orange.fr/
  • https://www.virustotal.com/de/url/be5e27bd2dab4929346a3864e019a06629eabd2ec299fc273e3adedd827bb8eb/analysis/
HEUR:Trojan.Script.Generic
  • https://www.virustotal.com/de/file/1001774c185cdf8ae86cf818031e76284cb449ada029e67cd6b4e5768052e23d/analysis/1394454288/
TDS URL PATTERN
  • https://urlquery.net/report.php?id=9843517
--->
http://asdpietroguarino.ilbello.com/post.php?id472092
  • https://www.virustotal.com/de/url/1304d7f29d95a0bafaf13f6ecf4f9c082702bfe8109abe22a5a56b87ed058a91/analysis/1394454714/

3/05/2014

NEWLY DETECTED:
Trojan.JS.Blacole.Gen
ldcseven.comyr.com & donchule.com
HEUR:Trojan-Downloader.Script.Generic
(Encoded Scripts - MIM-Tactic)
UNITED STATES



NEWLY DETECTED MALWARE DOMAIN(S): 

HEUR:Trojan-Downloader.Script.Generic (Encoded Scripts)

DOMAIN:

http://ldcseven.comyr.com/
  • https://www.virustotal.com/de/url/0685ba471b55e064305146a4155d1857601333edaf2d174788621557675da089/analysis/1394045893/

HTML:

  • https://www.virustotal.com/de/file/9d8db988e3267396a97fe47f79a85719d31b6c118be64f58e337b90d7d75b446/analysis/1394046023/

MALICIOUS URL:

http://ldcseven.comyr.com/UFPvaVNW.php?id=29514587 

INFECTION:

HEUR:Trojan-Downloader.Script.Generic
  • https://www.virustotal.com/de/url/b6e6ec75c7190316ce80ef8661d56dd26406036052fd4d3eef39fd38ec3baf11/analysis/1394045890/

---> REMOTE LINK:

http://donchule.com/js/slider/Ww84LhDN.php?id=1821816

  • https://www.virustotal.com/de/url/b9d3a4338b900524d214624c18c993059c91f88ed7e207f0cdcc64f48324afe0/analysis/1394048670/

FULL REVIEW:

