
6/08/2014

Tennessee ONLINE CHILD PREDATORS 2011:
George Stephen Russell (67)
Sentenced to 97 Months in Prison for Possession of Child Pornography

Russell’s possession of an extensive collection of child pornography, which he made accessible via the Internet to others who wished to trade child pornography with him, was discovered through an online undercover investigation by the Federal Bureau of Investigation (FBI).

The FBI executed a federal search warrant at Russell’s residence in Oak Ridge, Tennessee, and seized his computers. Forensic examination of the seized computers revealed that he had possessed 3,841 images and 33 videos of suspected child pornography.

The National Center for Missing and Exploited Children identified 48 known victims of child pornography among the images and videos that Russell had possessed.

SOURCE

SEE ALSO: 
http://www.gpo.gov/fdsys/pkg/USCOURTS-tned-3_11-cr-00079/pdf/USCOURTS-tned-3_11-cr-00079-0.pdf

6/07/2014

New Jersey ONLINE CHILD PREDATORS 2011:
Ronald Oshrin, 50, of Budd Lake, New Jersey
Sentenced to 15 years Federal Prison
for recording children with Hidden Cameras


A computer consultant from Budd Lake has been sentenced to 15 years in prison for installing hidden cameras in his Morris County home and then using the cameras to secretly record young girls who were nude or undressing. While admitting to his crime in December 2011, Ronald Oshrin, 50, pleaded guilty before U.S. District Judge Joseph H. Rodriguez to production of child pornography. Judge Rodriguez imposed the sentence in federal court in Camden.

At the time the initial charges were brought in April 2012 against Oshrin – who is married with children – his lawyer said his client had 23 years of experience as a computer consultant with "the veteran's administration." Oshrin has admitted, according to authorities, that between 2007 and April 2012, he installed hidden cameras in a bedroom and a bathroom of his home in order to record nine young girls in various states of undress.

He's also admitted to editing the videos to produce still photographs, authorities say, as well as to distributing videos and the still photographs of the girls over the internet.

In addition, authorities said, Oshrin admitted to having sexual contact with certain minors.

According to an FBI-signed complaint made public in April 2012, agents spoke with Oshrin and he allegedly told them that he "regularly downloads child pornography from various websites on the internet.”


The complaint can be found here (.pdf):
http://www.justice.gov/usao/nj/Press/files/pdffiles/2012/Oshrin,%20Ronald%20Complaint.pdf

In addition, the complaint alleged that “he also regularly distributed child pornography through various methods including direct e-mail and posting on known child pornography sites and file sharing sites.”

The complaint also alleged that "when pre-pubescent girls were in the bathroom or bedroom, (Oshrin) would monitor the cameras and make video recordings of the girls ... disrobing, using the shower or using the toilet.

"Because he installed multiple cameras ... it allowed video production from various angles and allowed him to focus on specific areas of interest," the complaint said.

SOURCE: http://www.nj.com

ADDITIONAL LINKS:
  • http://www.fbi.gov/newark/press-releases/2012/man-who-allegedly-recorded-girls-with-hidden-camera-faces-federal-child-pornography-charge
  • http://www.nj.com/news/index.ssf/2012/04/morris_county_man_accused_of_u.html

5/14/2014

Category MALICIOUS IP: 74.91.17.228
Comment Spammer & RULE BREAKER
(LISTED AT TornevallNET)
Kansas City, MISSOURI, United States

MALICIOUS IP: COMMENT SPAMMER & RULE BREAKER
http://74.91.17.228/ (Kansas City, MISSOURI)
  • https://www.virustotal.com/de/url/fbcd5088b580dd9c07b2de9601c20618756c1e90c68bc42f974d0e3747a11f5f/analysis/1400100618/

LISTED AT TornevallNET
  • http://dnsbl.tornevall.org/
  • http://www.ipvoid.com/scan/74.91.17.228/
Form Posts: 2771

RULE BREAKS: 3 web page navigation rules broken by this IP
  • https://www.projecthoneypot.org/ip_74.91.17.228
Network Owner:
http://www.datashack.net/
  • https://www.virustotal.com/de/url/613dddb1e1ba69a8a8808dafe1b1e237bf5b5ca6d56c04260eb7279e12b35c09/analysis/
IP DATAShack:
http://108.162.203.173/
  • https://www.virustotal.com/de/url/bfa1f2179b4602f74892918accbb1fdd6147a1046e98f1a7554cbd49be015485/analysis/1400102035/

New Mexico ONLINE CHILD PREDATORS 2010:
Adam Goodsell, 29, of Albuquerque
sentenced to 10 Years Federal Prison

A U.S. child porn distributor collared by the efforts of Winnipeg police and a local civilian tipster has been handed a 10-year prison term.

Adam Goodsell, 29, was sentenced to the lengthy term in a New Mexico federal court, according to the Associated Press. Goodsell was charged in the U.S. after a Winnipeg woman complained about being sent sick images depicting child abuse or exploitation after striking up an online relationship with Goodsell. She reported the incident to Cybertip.ca in August 2010.

That tip was passed on to the Winnipeg Police Service's Internet Child Exploitation unit, and she assisted detectives in the investigation. A Winnipeg undercover agent managed to access Goodsell's computer through a file-sharing program and found more than 80,000 child-porn files available for distribution to others.

Investigators with the Albuquerque Police Department obtained a warrant to search the man's house. They seized and searched computer equipment, finding a number of illegal images.

"Goodsell admitted that while the search warrant was being executed he participated in a recorded interview during which he admitted having more than 1,000 child pornography files 'from babies on up' on his computers," the U.S. Department of Justice said in a statement announcing his plea to a distribution charge last October.

5/09/2014

SPAM: Jennifer Woodard (woodardjennifer27@yahoo.com)
DOMAIN: darwinistneleridusunmez.com
IP: 180.180.146.4 Bangkok, THAILAND




DOMAIN:
http://darwinistneleridusunmez.com/
  • https://www.virustotal.com/de/url/51ee5532251a6a564ea561ab27211e864beec50df216a0827b1bb1052c369a5a/analysis/1399629448/
http://darwinistneleridusunmez.com/lsy/view.php
  • https://www.virustotal.com/de/url/9d8251b452e80791bae691d8eebe0681a092719cf553c5e80c6b1784793c0928/analysis/1399629579/
DOMAIN IP:
http://54.247.100.110/
  • https://www.virustotal.com/de/url/e1792fc59ff57735b91d13358c35cf0028ecf8516e36fbe23060b1eb8db96e10/analysis/1399631113/
  • https://www.virustotal.com/de/ip-address/54.247.100.110/information/
IP LISTED AT SPAMHAUS (CBL)
  • http://www.spamhaus.org/query/bl?ip=54.247.100.110
  • http://cbl.abuseat.org/lookup.cgi?ip=54.247.100.110
  • http://www.senderbase.org/lookup/?search_string=54.247.100.110

MAIL IPs:
1)
http://180.180.146.4/ (THAILAND)
  • https://www.virustotal.com/de/url/dff9af04709b5bc1aec3f2705bafe872a9a57b8a23d9b29f75c117c0a5aba04a/analysis/1399629695/
SPAMMAILSERVER & DICTIONARY ATTACKER:
  • https://www.projecthoneypot.org/ip_180.180.146.4
LISTED AT SPAMHAUS (PBL):
  • http://www.spamhaus.org/query/bl?ip=180.180.146.4
E-MAIL-REP: POOR
  • http://www.senderbase.org/lookup/?search_string=180.180.146.4
2)
http://66.147.244.82/ (UNITED STATES)
  • https://www.virustotal.com/de/url/d60b98e987232df8a76c2aadaa8982b3d03a2b4a1a2cc91d829c296f513b13f1/analysis/1399630027/
  • https://www.virustotal.com/de/ip-address/66.147.244.82/information/
BHA: 19
  • https://www.projecthoneypot.org/ip_66.147.244.82
3)
http://14.4.4.6/ (SOUTH KOREA)
  • https://www.virustotal.com/de/url/ea36277fb5e01f8d0713c1937c952433fa0d3e3d11956f161dd989b3a6a07219/analysis/1399630197/
LISTED AT SPAMHAUS (SBL & DROP)
  • http://www.spamhaus.org/query/bl?ip=14.4.4.6
  • http://www.spamhaus.org/sbl/query/SBL187947
  • http://www.senderbase.org/lookup/?search_string=14.4.4.6
4)
http://69.89.23.228/
  • https://www.virustotal.com/de/url/f15acfaf6680089b7af8ce6db92c64f2420b0f92e1bcb14af18e2420b2d5de79/analysis/1399631488/

5/08/2014

U.S. NAVY MILITARY HACK 2012:

Nicholas Paul Knight & Daniel Trenton Krueger

charged with Hacking US Navy Computer Systems & Sites


Daniel Trenton Krueger, 20, of Salem, Illinois and Nicholas Paul Knight, 27, of Chantilly, Virginia, were accused of conspiring "to hack computers and computer systems as part of a plan to steal identities, obstruct justice, and damage a protected computer" from April 2012 to June 2013, court documents and prosecutors said.


Knight, a former systems administrator in the nuclear reactor department of the USS Harry S. Truman, was the self-proclaimed leader and publicist of "Team Digi7al," prosecutors said. He used the names Inertia, Iner7ia, Logic and Solo and has been a hacker since the age of 16, charging documents say. He was discharged from the Navy after he was caught trying to hack a Navy database while at sea.

In an interview with a reporter for the website Softpedia, parts of which are quoted in charging documents, "Iner7ia" said that he was originally a white hat hacker who found and reported security vulnerabilities. But he became bored and said "the people I did work for were ungrateful and sometimes they wouldn't take me seriously."

He admitted being a member of the United States Navy and said that he worked for the people of the U.S., not the government, hacking primarily government sites. "I believe that if we can't protect ourselves against a cyber attack, then how can we trust the government to protect against anything else?"


He said that he uses a separate computer to avoid being caught, and at one point said, "I just hope that I can retire knowing I was never caught and arrested. Haha"

Krueger, who was studying network administration at an undisclosed college, did the hacking "out of boredom," prosecutors said. He went by the names Thor, Orunu, Gambit and Chronus.

Charging documents say that in June of 2012, the Naval Criminal Investigative Service (NCIS) detected a breach of a Naval database located in Oklahoma that contains the Social Security numbers, names, and birth dates of approximately 220,000 members of the military.


"The Navy quickly identified the breach and tracked down the alleged culprits through their online activity, revealing an extensive computer hacking scheme committed across the country and even abroad," said U.S. Attorney Danny C. Williams of the Northern District of Oklahoma.

The NCIS and Defense Criminal Investigative Service identified Knight and Krueger as the hackers of the Navy database as well as systems belonging to the U.S. National Geospatial-Intelligence Agency, the Department of Homeland Security, AT&T U-verse, universities, police departments in Toronto and Alabama, and the entire email account of the Peruvian ambassador to Bolivia.

They posted links to the data via Team Digi7al's Twitter account, and one co-conspirator said they released the data because they were "somewhat politically inclined to" but also because it was "fun, and we can," prosecutors said.

The U-verse hack compromised the personal information of 3,500 customers. The June 2012 Navy hack left 700 overseas military members unable to access the system and get "logistical support" for their transfers for more than 10 weeks and cost the Navy more than 500,000 US dollars, documents say.


After the NCIS searched Knight's Virginia home in February of 2013, he admitted "many" of his Team Digi7al activities and agreed to cooperate, but told a juvenile co-conspirator to delete data, documents say.

That juvenile and two others who hacked for Team Digi7al were not charged.

Illinois ONLINE CHILD PREDATORS 2009/2012:
Eight Self-Identified ‘Boy Lovers’ Sentenced
to Federal Prison for Sexual Exploitation Crimes

Three years after several self-identified “boylovers,” who met in person and online to discuss their sexual interest in children and trade child pornography, were arrested in an FBI sting during or soon after a purported party at a hotel in suburban Skokie, a total of eight defendants have been convicted and sentenced to federal prison terms as a result of the investigation. The sentences ranged from nine years for a suburban Crest Hill man sentenced last week in Chicago to 120 years for a Missouri man sentenced last year in St. Louis.


Six of the eight defendants pleaded guilty and three of them cooperated against others, while the Crest Hill man and a Missouri defendant were convicted after separate trials. All were prosecuted as part of an investigation by the Chicago FBI’s Innocent Images Task Force, which culminated with the undercover sting in September 2009.

“The sentences in these cases reflect the stark reality that defendants who prey upon children by sexually exploiting or abusing them will be punished severely,” said Gary S. Shapiro, Acting United States Attorney for the Northern District of Illinois. He announced the sentences together with William C. Monroe, Acting Special Agent in Charge of the Chicago Office of the Federal Bureau of Investigation.

Mark McGill, 27, of Crest Hill, was sentenced to nine years in prison, followed by 20 years’ supervised release, by U.S. District Judge Joan Gottschall on October 9th, 2012. McGill was convicted of possessing and distributing child pornography after a trial in March 2012. Evidence at McGill’s trial showed that he had attended at least one party with other “boylovers.”

In August 2009, McGill gave a cooperating defendant a thumb drive containing approximately 3,500 images and nearly 60 videos containing child pornography.

Jose Garcia, 25, of Schererville, Indiana, was sentenced to 33 years in prison, followed by lifetime supervised release, by U.S. District Judge Amy St. Eve on July 23. Garcia, who cooperated, pleaded guilty to producing, possessing, and distributing child pornography.

Jacob Elliott, 32, of Matteson, was sentenced to 20 years in prison, followed by 10 years’ supervised release, by U.S. District Judge John Grady on July 18. Elliott, who cooperated, pleaded guilty to producing and possessing child pornography.

Corey Stinefast, 30, of Kenosha, Wisconsin, was sentenced to 18 years in prison, followed by lifetime supervised release, by Judge St. Eve on June 13. Stinefast pleaded guilty to possessing and distributing child pornography, and he was found to have amassed a collection of more than 191,000 images of child pornography.

Neal Maschke, 42, of West Chicago, was sentenced to nine years in prison, followed by five years’ supervised release, by U.S. District Judge Samuel Der-Yeghiayan in October 2010. Maschke pleaded guilty to possessing child pornography.

Donald Peppers, 38, of Hoffman Estates, was sentenced to 27 years in prison, followed by lifetime supervised release, by the late U.S. District Judge William Hibbler in December 2010. Peppers, who cooperated, pleaded guilty to producing, transporting, and possessing child pornography, including an admission that he had produced a video of himself sexually molesting a 1-year-old child. Peppers’ arrest and subsequent cooperation touched off the investigation that resulted in the other prosecutions.

Garcia and Maschke were arrested when they showed up for what they believed was going to be a “boylovers” party at the Skokie hotel in September 2009. McGill and Stinefast were arrested a short time later. Two other defendants, Michael Martin and Matthew Klopfenstine, were convicted in federal courts in St. Louis and Kansas City, respectively, based on evidence gathered during this investigation. Martin was sentenced last year to 120 years in prison for producing child pornography, and Klopfenstine was sentenced recently to 15 years and eight months for producing child pornography.

5/02/2014

www.my-lifespan.com
----------------------------------
Spying DOMAIN
(Maxmind geoip check)

IP: 74.220.215.216 from Provo, UTAH


POTENTIALLY MALICIOUS WEBDOMAIN
SPYWARE (Maxmind geoip check)
SUSPICIOUS MEDICATIONS ONLINE ORDER


DOMAIN: http://www.my-lifespan.com/
  • https://www.virustotal.com/de/url/6ca77e2af62f1dda5906d724ab55f617e380a7298a531e54a57b7fac999ca18d/analysis/1399044590/
HTML
  • https://www.virustotal.com/de/file/5784dd2f9da24a1c7dea8a90a7f953d0befced6fe23f684fcadd49abdfd680c5/analysis/1399045056/
---> LINKS TO FOLLOWING Mal. DOMAINS:
http://b.scorecardresearch.com/
  • https://www.virustotal.com/de/url/bc910cfb21a188032f8b808b5f73318ecfc8e9a67fb579a3aea8699a5fe57232/analysis/1399045283/
http://extremetracking.com/
  • https://www.virustotal.com/de/url/0783c2061f219702786615d551d76c21afe676a2c287e7c94ecc54044eb8cc08/analysis/1399045356/
---------------------------
ET POLICY Maxmind geoip check to /app/geoip.js
  • https://urlquery.net/report.php?id=1399044577915
  • https://urlquery.net/report.php?id=1399044573117
  • https://urlquery.net/report.php?id=1399044572505
  • https://urlquery.net/report.php?id=1399044582830
  • https://urlquery.net/report.php?id=1399045795165
---------------------------
IP:
http://74.220.215.216/
  • https://www.virustotal.com/de/url/d60fd473a3e21ced99fef2606307e654d73ab75c71c98e031ac40340afc9e8af/analysis/1399046474/
  • https://www.virustotal.com/de/ip-address/74.220.215.216/information/
BHA: 2
  • https://www.projecthoneypot.org/ip_74.220.215.216
---------------------------

SEE ALSO:
  • http://www.UnmaskParasites.com/security-report/?page=www.my-lifespan.com
 
---------------------------

OTHER SUSPICIOUS LINKS TAGGED WITH MAXMIND FROM THIS DOMAIN:

4/30/2014

Officer Down Memorial Post (10-00):
Christopher A. Upton (37)
killed on March 5th 2010
@ the Oconee National Forest, Georgia, United States

A USDA Forest Service Law Enforcement officer was killed on March 5th, 2010, at the Ocmulgee Bluff Equestrian Recreation Area on the Oconee Ranger District of the Chattahoochee-Oconee National Forest in Jasper County, Georgia.

Christopher Arby Upton, 37, of Monroe, Georgia, was on a routine patrol in the area about 11 p.m., where 2 hunters were hunting coyotes with a high-powered rifle equipped with night vision and apparently mistook the officer for game. After the shooting, the hunters dialed 911 and reported a hunting incident.


“This is a tragic incident where the loss of a federal officer’s life could have been avoided,” said Steven Ruppert, Special Agent-in-Charge for the Southern Region of the Forest Service.

“The standard procedure for a hunter is to identify your target and then shoot,” said Homer Bryson, Law Enforcement Colonel for Georgia Department of Natural Resources (DNR) Wildlife Resources Division (WRD). “The hunter failed to do this, and mistook the officer for game. He then shot and instantly killed the officer.”

The shooter, Norman Clinton Hale, 40, of McDonough, Ga., and an observer, Clifford Allen McGouirk, 41, of Jackson, Georgia, were hunting coyotes.

While hunting illegally, Hale discharged his rifle, striking Upton in the face. At the sentencing hearing, the government offered expert evidence that had Mr. Hale taken appropriate action, such as calling for emergency services and applying pressure to Officer Upton’s wound, Officer Upton could have survived.

Instead, Mr. Hale waited one hour and 32 minutes before calling 911 and offered no aid to Officer Upton. Mr. Hale asked the other persons present to just leave and not report the incident. When they refused to do so, Mr. Hale then suggested they get four wheelers and drive them to where Officer Upton was and tell the police that they found Officer Upton’s body in this condition. Hale was sentenced on March 22nd, 2012, before Judge Marc T. Treadwell to 60 months’ imprisonment.

Upton, a four-year veteran of the Forest Service, had previously worked as a game warden for the Department of Defense, U.S. Marine Corps, at Beaufort, South Carolina, and as a conservation officer, game warden and pilot with the Florida Fish and Wildlife Commission. He is survived by his wife, Jessica, and a 4-year-old daughter, Annabelle.

SOURCE(s): http://www.woodsnwater.net/ & http://www.odmp.org/officer/20315-officer-christopher-a-upton

4/29/2014

aspiderm2m.net
POTENTIALLY MALICIOUS DOMAIN
PUA.PHISHING.BANK or Malware.HTML.Iframe (Paranoid Heuristics)
IP: 66.155.9.238

San Francisco, UNITED STATES




Florida ONLINE CHILD PREDATORS 2011:

Joshua Jay Williamson (24) from Jacksonville
sentenced to 5 ½ years in federal prison for
extorting dozens of women on Facebook
and possession of child porn


24-year-old Joshua Jay Williamson received the sentence on the 29th of November, 2012, in Jacksonville. Court documents say Williamson "hacked" into the email and Facebook accounts of dozens of women between February 2011 and June 2011. Using the personal information he gathered, along with suggestive photos he found online, he would then demand that the women send him fully nude and sexually explicit photos. He told them that if they did not comply, he would send provocative pictures to their email and Facebook contacts.



On May 19th, 2011 alone Williamson sent extortionate emails to about 75 women.

He attempted to hide his identity by using several IP addresses and an anonymizer tool (such as GhostSurf), but the smartass should have known that he could be tracked down by authorities anyway.

Files with photos of personal information for more than 150 women were found on Williamson’s computer; 23 images and 31 videos of child pornography were also uncovered.

Williamson will spend 66 months in federal prison and will then serve 10 years of supervised release. He has also been registered as a sex offender, and his computer hardware was forfeited.

Many agencies, including the FBI, the FDLE (Florida Department of Law Enforcement) and the JSO (Jacksonville Sheriff's Office) were involved in the investigation.

SOURCE: http://www.wokv.com/

4/19/2014

RISKWARE: Win32/SecurityXploded.A from
securityxploded.com
(Windows Autorun Disable)



4/18/2014

Obama.exe: Hoax.Win32.BadJoke.Agent.nlz
NEW MALWARE CODE found @ demonx.org

(IP: 70.32.97.245 - UNITED STATES)


MALICIOUS LINK:

http://demonx.org/Obama.exe
  • https://www.virustotal.com/de/url/32cdf34a986b807db7b0fddd2acb3214f4c4ee0a8b00e07802504fbcb083e27f/analysis/1397739518/
Hoax.Win32.BadJoke.Agent.nlz
  • https://www.virustotal.com/de/file/0be76fb84d1b6f4fae6b5f38d4d5f58fcfd313fe6b48e9a1a5c5f17f6dab280c/analysis/1397739348/

4/16/2014

Illegal gambling over the Internet 2011/2012:
William Lisle, 57, and Kenneth B. Lovett, 72 of Joplin, Missouri Sentenced


William Lisle, 57, of Joplin, Missouri, was sentenced on October 31st, 2012, by U.S. District Judge Richard E. Dorr to two years of probation (including six months of home detention) and ordered to pay a fine of 2,000 USD. As a condition of his probation, Lisle may not enter any gambling establishment or engage in any type of gambling, including offshore or Internet gambling. Lisle must forfeit to the government almost 100,000 USD (98,263 USD) that was seized from his residence by law enforcement and was the proceeds of gambling activity.

Co-defendant Kenneth B. Lovett, 72, also of Joplin, received the same sentence on October 18th, 2012.

Lisle and Lovett each pleaded guilty to using the Internet to transmit wagering information, including placing bets on sporting events, as part of their gambling business from January 1st, 2003, until February 8th, 2011. Lovett, who was primarily engaged in wagering on National Football League events, took on Lisle as a partner in 2006. Lisle and Lovett shared income and expenses equally until 2010, when Lisle’s share of income and expenses increased to 60 percent.

Lisle and Lovett used two Internet websites, with servers located in Costa Rica, to administer the bookmaking operation. Their gambling operation flourished when they began using the offshore gambling websites in 2006: the number of their customers and the amounts they wagered increased. For example, according to the plea agreement, one gambler would wager as much as 35,000 USD on a single weekend during the American football season.

Lisle also pleaded guilty to money laundering. Lisle sent cashier’s checks, made payable to a false name in an effort to conceal the transfer, to the Costa Rican company that operated the websites. Lisle’s plea agreement cites 15 instances in which he sent cashier’s checks (totaling 72,000 USD) to Costa Rica via Federal Express as part of his scheme to launder money obtained from the gambling enterprise.

SOURCE: http://www.highbeam.com/

4/14/2014

NEW POTENTIALLY RISKWARE DETECTED:
not-a-virus:PSWTool.Win32.Agent.wi

from securityxploded.com
(SX Password Remover Suite - PASSWORDSTEALER)


BESIDES THAT, FOLLOWING SUSPICIOUS/MALICIOUS LINK HAS BEEN FOUND (HIDDEN IFRAMES):
http://securityphresh.com/index.html
  • https://www.virustotal.com/de/url/560aa2ab68e0ab1713b590a4df8096afe6b7efcb072defb901c7d02446a75cd9/analysis/1397489696/
HIDDEN LINKS

HIDDEN IFRAMES TO:
http://2014.confidence.org.pl/
https://www.virustotal.com/de/url/c121b7f7adb198511ce3ff8be6daf221595296fa01e03a8d76fc0cf8f1894b97/analysis/1397491597/


4/13/2014

"Blacksher Hall, Learn the secrets of top businesses in your industry"
SPAM AGAIN from:
ci33.actonsoftware.com
IP: 207.189.124.33

Englewood, COLORADO, UNITED STATES
(merchantcentric.com IP: 184.168.221.18)



Learn the secrets of top businesses in your industry as well as local competitors
Hi Blacksher Hall,

We have identified Atlanta Botanical Garden as the business in your industry with a high total marketing score of 1253. Create your free account to learn more about what they are doing and what makes up Blacksher Hall's score of 39, as of February 26, 2014.

We scan these top sites and more ...

Atlanta Botanical Garden may not be a direct competitor, however, seeing what they are doing to market themselves online can give you ideas for how to attract more customers. Merchant Centric will help you increase Blacksher Hall's marketing score from its current score of 39 by giving you unique insights into the competition.

Try it for free. No credit card required. Cancel at anytime.

    See what makes up Blacksher Hall's marketing score
    See what Atlanta Botanical Garden is doing to attract customers
    Pick other local competitors to see how you compare and learn what they are doing

Sign up for a free trial. No risk. No commitment.

Want to learn more? View Merchant Centric features.

Don't miss important alerts for Blacksher Hall

For more information, please visit merchantcentric.com

"Real" Links marked on MAIL-Screenshot
AS WELL, HIDDEN IFRAME FOUND:
http://www.act-on.com/contact
<--- iframe src="//flex.atdmt.com/mstag/tag/4a37b15a-3ef1-4a8b-a371-479fb864947c/conversion.html?cp=5050&dedup=1" frameborder="0" scrolling="no" width="1" height="1" style="visibility:hidden;display:none" --->

4/12/2014

Let US Welcome:
lunpandubishengfa.zhuolingxiu.com as a MALICIOUS VISITOR
(to this Blogspot)
FROM Beijing, CHINA & Walnut, UNITED STATES
IP: 110.173.196.1



Network Owner: Psychz Networks
http://www.psychz.net/

4/11/2014

NEW POTENTIALLY RISKWARE DETECTED:
Not-a-virus:PSWTool.Win32.PasswordCracker.wa

from securityxploded.com
(GooglePasswordKracker - PASSWORDSTEALER)




NEW POTENTIALLY RISKWARE DETECTED:
Not-a-virus:PSWTool.Win32.PasswordCracker.ah

from securityxploded.com
(RouterPasswordKracker - PASSWORDSTEALER)



PHISHING MAIL FROM:
safeukemailer.com & planosdesaudeagora.com

IP: 174.140.167.243 - DICTIONARY ATTACKER & SPAMSERVER
Heuristic.BehavesLike.JS.BufferOverflow.J






DOMAIN LISTED AT SURBL & JOEWEIN