Comments:
-
- on Sat 28 Jan 2012
- 06:54:48 PM UTC
Hacker attack warning
- URL:
hxxp://masmedias.com/index.php?tp=94df3dd696eea086
- MSE classification: PDF exploit - Exploit:Win32/pdfjsc.RF, report: Virustotal
- URL:
hxxp://108.59.12.78/index.php?tp=94df3dd696eea086
- MSE classification: PDF exploit - Exploit:Win32/pdfjsc.RF, report: Virustotal
- Domain / IP to rate:
- 108.59.12.78
masmedias.com
-
- on Sat 28 Jan 2012
- 07:59:52 PM UTC
RE: Hacker attack warning
Thanks Nick
Sites belonging to the same IP 108.59.12.78 :
For all safety : Stay away from those !
Raise the dike ! ! Or the internet gets flooded and ends up as a stinking swamp. / Message from the "Flying Dutchman".
-
- on Sun 29 Jan 2012
- 03:17:12 PM UTC
RE: Hacker attack warning
The whois behind this IP 108.59.12.78 :
The query is assumed to be:
# "n 108.59.12.78"
# Use "?" to get help.
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=108.59.12.78?showDetails=true&showARIN=false&ext=netref2
NetRange 108.59.0.0 - 108.59.15.255
CIDR 108.59.0.0/20
OriginAS AS30633
NetName LEASEWEB-US
NetHandle NET-108-59-0-0-1
Parent NET-108-0-0-0-0
NetType Direct Allocation
Comment LEASE-ARIN
RegDate 2010-11-18
Updated 2011-07-27
Ref http://whois.arin.net/rest/net/NET-108-59-0-0-1
OrgName Leaseweb USA, Inc.
OrgId LU
Address 1209 Orange Street
City Wilmington
StateProv DE
PostalCode 19801
Country US
RegDate 2010-09-13
Updated 2011-07-27
Comment hxxp://www.leaseweb.com
Ref http://whois.arin.net/rest/org/LU
OrgNOCHandle LEASE-ARIN
OrgNOCName Leaseweb ARIN
OrgNOCPhone +1-703-552-2754
OrgNOCEmail arin@leaseweb. com
OrgNOCRef http://whois.arin.net/rest/poc/LEASE-ARIN
OrgTechHandle LEASE-ARIN
OrgTechName Leaseweb ARIN
OrgTechPhone +1-703-552-2754
OrgTechEmail arin@leaseweb. com
OrgTechRef http://whois.arin.net/rest/poc/LEASE-ARIN
OrgAbuseHandle LUAD1-ARIN
OrgAbuseName Leaseweb US abuse dept
OrgAbusePhone +1-703-552-2754
OrgAbuseEmail abuse@leaseweb. us
OrgAbuseRef http://whois.arin.net/rest/poc/LUAD1-ARIN
RTechHandle LEASE-ARIN
RTechName Leaseweb ARIN
RTechPhone +1-703-552-2754
RTechEmail arin@leaseweb. com
RTechRef http://whois.arin.net/rest/poc/LEASE-ARIN
RNOCHandle LEASE-ARIN
RNOCName Leaseweb ARIN
RNOCPhone +1-703-552-2754
RNOCEmail arin@leaseweb. com
RNOCRef http://whois.arin.net/rest/poc/LEASE-ARIN
RAbuseHandle LUAD1-ARIN
RAbuseName Leaseweb US abuse dept
RAbusePhone +1-703-552-2754
RAbuseEmail abuse@leaseweb. us
RAbuseRef http://whois.arin.net/rest/poc/LUAD1-ARIN
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at https://www.arin.net/whois_tou.html
-------------------------------------------------------------------------------
Note : Looking up with "Reverse IP" doesn't give a result --> That's weird ! ( or probably on purpose ).
Leaseweb.com : - RATED
See scorecard : http://www.mywot.com/en/scorecard/www.leaseweb.com...
Raise the dike ! ! Or the internet gets flooded and ends up as a stinking swamp. / Message from the "Flying Dutchman".
-
- on Sun 29 Jan 2012
- 04:33:28 PM UTC
RE: Hacker attack warning
Has anybody reported the masmedias.com attack to abuse@leaseweb.us and, if so, what was the response?
-
- on Sun 29 Jan 2012
- 05:47:26 PM UTC
RE: Hacker attack warning
I'll get it dealt with, cheers.
Regards Steven Burn I.T. Mate / hpHosts it-mate.co.uk / hosts-file.net
-
- on Sun 29 Jan 2012
- 07:16:52 PM UTC
RE: Hacker attack warning
Leaseweb have null-routed the IP ;o)
Regards Steven Burn I.T. Mate / hpHosts it-mate.co.uk / hosts-file.net
-
- on Mon 30 Jan 2012
- 05:53:06 AM UTC
RE: Hacker attack warning
Removed my RATING and comment on the scorecard of leaseweb.com
Thanks for involving Steven.
Raise the dike ! ! Or the internet gets flooded and ends up as a stinking swamp. / Message from the "Flying Dutchman".
-
- on Mon 30 Jan 2012
- 01:33:30 PM UTC
RE: Hacker attack warning
@ peterbosch =
Great job !
Rated , commented and waiting to see if they learn never to hack , in particular a fellow wotter !
Best regards !
-
- on Tue 31 Jan 2012
- 10:12:27 AM UTC
RE: Hacker attack warning
@ peterbosch =
Great job !
Rated , commented and waiting to see if they learn never to hack , in particular a fellow wotter !
Best regards !
Thanks mate !
Raise the dike ! ! Or the internet gets flooded and ends up as a stinking swamp. / Message from the "Flying Dutchman".
-
- on Tue 31 Jan 2012
- 03:56:08 PM UTC
RE: Hacker attack warning
More RED than this? = Impossible ; )
I Rated Red The Roots of the Rat that Runs in The Road
JcL
-
- on Wed 01 Feb 2012
- 08:13:14 PM UTC
RE: Hacker attack warning
More RED than this? = Impossible ; )
I Rated Red The Roots of the Rat that Runs in The Road
Thank you !
And also my thanks to all those that contacted me on my board to announce that they support me.
Talking about community spirit.............Wow, super !
Raise the dike ! ! Or the internet gets flooded and ends up as a stinking swamp. / Message from the "Flying Dutchman".
-
- on Thu 02 Feb 2012
- 10:06:31 PM UTC
Malware still in action
Website masmedias.com still distributes malware using same provider - "Leaseweb USA", using same IP - 108.59.12.78.
-
- on Fri 03 Feb 2012
- 12:28:32 PM UTC
RE: Hacker attack warning ! AGAIN
I think the same guy or group is trying it again.
The attacking computer is 108.59.5.66.80
The IP is 108.59.5.66
This time the URL mentioned is : qwesyk21.com
And again this runs through hxxp://www.leaseweb.com, according to the whois.
So they have work to do again, null routing this IP too.
Please rate that URL RED
Curious what will come up next week - LOL
Edited : Trend micro safety center - report :
"Dangerous - The latest tests indicate that this site contains malicious software or could defraud visitors".
Raise the dike ! ! Or the internet gets flooded and ends up as a stinking swamp. / Message from the "Flying Dutchman".
-
- on Fri 03 Feb 2012
- 05:54:15 PM UTC
Hacker attack warning
4ddl.info
defos-warez.com
e-learningfree.com
efireplus.com
-
- on Sat 04 Feb 2012
- 12:47:43 AM UTC
RE: Hacker attack warning
I'm on it, cheers.
Regards Steven Burn I.T. Mate / hpHosts it-mate.co.uk / hosts-file.net
-
- on Sat 04 Feb 2012
- 04:12:29 PM UTC
RE: Hacker attack warning
Thanks guys,
Let's see if leaseweb is really blocking this rubbish now.
Like Nick Vini said before, masmedias.com ( earlier mentioned in this thread ) was still active through leaseweb last Thursday.
Raise the dike ! ! Or the internet gets flooded and ends up as a stinking swamp. / Message from the "Flying Dutchman".
-
- on Sat 04 Feb 2012
- 04:17:12 PM UTC
RE: Hacker attack warning
4ddl.info
defos-warez.com
e-learningfree.com
efireplus.com
RATED
Raise the dike ! ! Or the internet gets flooded and ends up as a stinking swamp. / Message from the "Flying Dutchman".
-
- on Sat 04 Feb 2012
- 06:28:45 PM UTC
RE: Hacker attack warning
@peterbosch could you post a screenshot of the Norton attack report, as well as what you were doing when it happened?
:-) Smile!
-
- on Sat 04 Feb 2012
- 06:37:45 PM UTC
Hacker attack warning
@peterbosch could you post a screenshot of the Norton attack report, as well as what you were doing when it happened?
Why is this needed? Sorry, this is a question for Peter, but I am just curious, why.
-
- on Sat 04 Feb 2012
- 06:54:04 PM UTC
RE: Hacker attack warning
Why is this needed? Sorry, this is a question for Peter, but I am just curious, why.
I'd like to know just how exactly the hacker is targeting his PC, whether it's something running on his system, a web attack etc. I can't tell him how it may be happening without knowing what the attack was and how it may have happened.
:-) Smile!
-
- on Sat 04 Feb 2012
- 08:00:43 PM UTC
RE: Hacker attack warning
I'd like to know just how exactly the hacker is targeting his PC, whether it's something running on his system, a web attack etc. I can't tell him how it may be happening without knowing what the attack was and how it may have happened.
It happened the first time at 22.21 hrs on Friday 27 Jan.
Second time at 18.58 hrs last Friday.
Both local time ( one hour later than at you ).
I can not recall if I was active at those moments.
I tried to copy and paste the text about it from the Norton log files. But copying from that doesn't work.
The report says that it was ( in Dutch ) "Indringingspoging van IP....... is geblokkeerd" --> translated:
"Intruding attempt of IP ...... has been blocked"
Further details of the 1st attack have been published at the beginning of this thread.
The second was also "Blackhole toolkit website 5" and there is a great similarity in IP address.
Raise the dike ! ! Or the internet gets flooded and ends up as a stinking swamp. / Message from the "Flying Dutchman".
-
- on Sat 04 Feb 2012
- 09:42:21 PM UTC
RE: Hacker attack warning
It's the Blackhole exploit, it's not targeting you personally. It's more than likely being loaded by one or more of the sites you're visiting (or one of the adverts displayed on them (aka malvertisements)).
Regards Steven Burn I.T. Mate / hpHosts it-mate.co.uk / hosts-file.net
-
- on Sun 05 Feb 2012
- 07:47:51 PM UTC
RE: Hacker attack warning
Thanks Steven !
Raise the dike ! ! Or the internet gets flooded and ends up as a stinking swamp. / Message from the "Flying Dutchman".
-
- on Sun 05 Feb 2012
- 11:52:21 PM UTC
RE: Hacker attack warning
No problem.
Regards Steven Burn I.T. Mate / hpHosts it-mate.co.uk / hosts-file.net
-
- on Mon 06 Feb 2012
- 06:48:09 AM UTC
RE: Hacker attack warning
Sites belonging to IP 108.59.5.66
Be careful and stay away !
Raise the dike ! ! Or the internet gets flooded and ends up as a stinking swamp. / Message from the "Flying Dutchman".



Hacker attack warning
Warning :
I had a hacker attack yesterday, that was successfully blocked by my AV ( Norton ).
It looks like this bastard has his arrows pointed on WOT members.
Report by Norton :
Target computer : PETERBOSCH-PC
Attacking computer IP 108.59.12.78, 80
Source IP 108.59.12.78
URL of the attacker : hxxp://www.masmedias.com
Security level : HIGH
Type of attack : Blackhole Toolkit website 5
Specification of the attacker : masmedias.com/index.php?tp=94df3dd696eea086
According to Norton this isn't the first time from that IP.
Please rate RED
Thanks Peter
Raise the dike ! ! Or the internet gets flooded and ends up as a stinking swamp. / Message from the "Flying Dutchman".