Category Archives: security threat

bestgirlsxx.com

Malware infected sites

94.28.173.220 resolves to dedic.dc.besthosting.ua.

The following A records are set to 194.28.173.220:

WhoIs ~ www1.clicksensational.com

A threat to the Global Internet Infrastructure
Money Mule eco-system 1

Money Mule eco-system 2

190.120.229.99

www1.clicksensational.com

Announced By
Origin AS Announcement Description
AS26272 190.120.224.0/20 Infolink Panama Corp
AS26272 190.120.228.0/22 Infolink Panama Corp

Address has 29 hosts associated with it.

https://route.robtex.com/190.120.229.0-24.html#netmap

190.120.229.0/24

We have 206 A records and 119 PTR records in this network. Six percent of the A records have corresponding PTR records and ten percent of the PTR records have corresponding A records.


190.120.224.0/20 Infolink_190-120-224-0-BLOCK


Location Panama

190.120.228.0/22


PA-IPCO3-LACNIC Infolink Panama Corp.

abuse-c: MIA17
address: APDO 0832-2745, –, Suite 152, World Trade C
0832-2745 – Panama – PA
changed: 20120321
country: PA
created: 20120321
inetnum: 190.120.228/22
inetnum-up: 190.120.224/20
inetrev: 190.120.228/22
nserver: NS3.FORTATRUST.COM
nslastaa: 20130727
nsstat: 20130727 AA
owner: Infolink Panama Corp.
owner-c: MIA17
ownerid: PA-IPCO3-LACNIC
phone: +507 3176046 []
responsible: Miguel Abood
status: reallocated
tech-c: MIA17


WEBSITES POSTING MUG SHOTS AND EXTORTION

The IC3 has received hundreds of complaints from individuals claiming they located their mug shots on 20 different websites, all of which allegedly use similar business practices. Some victims reported they were juveniles at the time of the arrests and their records were sealed. Therefore, their information should not be available to the public. Others stated the information posted on the sites was either incorrect or blatantly false.

Complainants who requested to have their mug shot removed had to provide a copy of their driver’s license, court record and other personal identifying information. However, providing such information puts those at risk for identity theft.

Complainants were also subject to paying a fee to have their mug shot removed. Although they paid the fee, some of the mug shots were not removed. If they were removed, the mug shots appeared on similar websites.

If the victim threatened to report the websites for unlawful practice, the websites’ owners threatened to escalate the damaging information against the victim.

ATTACKERS USE SKYPE, OTHER IM APPS TO SPREAD LIFTOH TROJAN

SC Magazine featured the following article on June 1, 2013
Users receiving shortened URLs in Skype instant messages, or similar IM platforms, should be wary of a new trojan, called Liftoh. So far, it has primarily infected users in Latin America, said Rodrigo Calvo, a researcher at Symantec.
When targeted, victims receive a message in Spanish containing a shortened URL. The messages appear as if they are coming from someone on the user’s Skype contact list who is linking to a photo.
If clicked, the link redirects users to 4shared.com, which is hosting a URL, which initiates a weaponized zip file containing Liftoh. The trojan is capable of downloading additional malware. The malicious URLs have been clicked on more than 170,000 times, according to Symantec.

TECH SUPPORT CALLS PURPORTEDLY FROM A WIRE TRANSFER COMPANY

The IC3 has recently received complaints from businesses regarding telephone calls from individuals claiming to be with a wire transfer company’s tech support. One complainant reported that the wire transfer company’s name was displayed on their caller ID.

The callers instructed the victims to go to a particular website to run an application which allows the caller to remotely access the victim’s computer. Once remote access was established, the victims were instructed to open their wire transfer program and log-in to their accounts, so the callers could update the system.

The victims were then told to turn off their monitors, to avoid interference with the update. The victims later discovered the subjects made wire transfers to NetSpend accounts. One victim noticed something downloading onto his computer once the caller gained remote access.

This made the victim suspicious, so he turned off his computer. Later, he discovered the caller had loaded $950 on a prepaid credit card from the victim’s account. Another victim reported money transfers were made to various states and individuals, but the caller reassured the victim that no transfers were actually being processed. No other details were provided.

Source: http://www.ic3.gov/media/2013/130619.aspx

Cyber Criminals Continue to Use Spear-Phishing Attacks To Compromise Computer Networks

06/25/13—

The FBI has seen an increase in criminals who use spear-phishing attacks to target multiple industry sectors. These attacks allow criminals to access private computer networks. They exploit that access to create fake identities, steal intellectual property, and compromise financial credentials to steal money from victims’ accounts.

In spear-phishing attacks, cyber criminals target victims because of their involvement in an industry or organization they wish to compromise. Often, the e-mails contain accurate information about victims obtained via a previous intrusion or from data posted on social networking sites, blogs, or other websites. This information adds a veneer of legitimacy to the message, increasing the chances the victims will open the e-mail and respond as directed.

Recent attacks have convinced victims that software or credentials they use to access specific websites needs to be updated. The e-mail contains a link for completing the update. If victims click the link, they are taken to a fraudulent website through which malicious software (malware) harvests details such as the victim’s usernames and passwords, bank account details, credit card numbers, and other personal information. The criminals can also gain access to private networks and cause disruptions or steal intellectual property and trade secrets.

To avoid becoming a victim, keep in mind that online businesses, including banks and merchants, typically will not ask for personal information, such as usernames and passwords, via e-mail. When in doubt either call the company directly or open your computer’s Internet browser and type the known website’s address. Don’t use the telephone number contained in the e-mail, which is likely to be fraudulent as well.

In general, avoid following links sent in e-mails, especially when the sender is someone you do not know or appears to be from a business advising that your account information needs to be updated.

Keep your computer’s anti-virus software and firewalls updated. Many of the latest browsers have a built-in phishing filter that should be enabled for additional protection.

If you believe you may have fallen victim to a spear-phishing attack, file a complaint with the FBI’s Internet Crime Complaint Center at http://www.ic3.gov/.

Cyber Criminals Using Photo-Sharing Programs to Compromise Computers

05/30/13—

The FBI has seen an increase in cyber criminals who use online photo-sharing programs to perpetrate scams and harm victims’ computers. These criminals advertise vehicles online but will not provide pictures in the advertisement. They will send photos on request. Sometimes the photo is a single file sent as an e-mail attachment, and sometimes the victim receives a link to an online photo gallery.

The photos can, and often do, contain malicious software that infects the victim’s computer, directing the user to fake websites that look nearly identical to the real sites where the original advertisement was seen. The cyber criminals run all aspects of these fake websites, including “tech support” or “live chat support” and any “recommended” escrow services. After the victim agrees to purchase the item and makes the payment, the criminals stop responding to correspondence. The victims never receive any merchandise.

The FBI urges consumers to protect themselves when shopping online. Here are a few tips for staying safe:

  • Be cautious if you lose an auction on an auction site but the seller contacts you later saying the original bidder fell through.
  • Make sure websites are secure and authenticated before you purchase an item online. Use only well-known escrow services.
  • Research to determine if a car dealership is real and how long it has been in business.
  • Be wary if the price for the item you’d like to buy is severely undervalued; if it is, the item is likely fraudulent.
  • Scan files before downloading them to your computer.
  • Keep your computer software, including the operating system, updated with the latest patches.
  • Ensure your anti-virus software and firewalls are current—they can help prevent malware infections.

If you have fallen victim to this type of scam, file a complaint with the Internet Crime Complaint Center at www.ic3.gov.


source: http://www.fbi.gov/scams-safety/e-scams