
Malicious Toolkit Website 14 Attack #3, 4 on fire-hose


posted on Jun, 17 2012 @ 04:24 PM
Malicious Toolkit Website 14 #3, 4

Ok, this is the fourth time in the last two days I got a warning from Norton of an attack blocked from
Toolkit Website 14.
When I do a WHOIS lookup it says it was registered the day before and ends like today.
The last one said the domain name was open to register ?????
I believe it comes from the ads on Fire-Hose; there are always three of them.
Now if it happens to you, could you post which three ads were showing?
Maybe between all of us we can narrow it down to a few so the ATS owner can do something about it.
Also note the IP address is the same ???
mysammers.net (91.229.210.195)
Onlieinglisheng.net (91.229.210.195)




The three ads visible were
Register .com
The American Express Gold Rewards Card
Grand Chase

From Whois
Registration Service Provided By: BIGROCK.COM
Contact: +01.4153580892
Website: www.bigrock.com...

Domain Name: MYSAMMERS.NET

Registrant:
PrivacyProtect.org
Domain Admin (&&&&&&&&&&&)
ID#10760, PO Box 16
Note - All Postal Mails Rejected, visit Privacyprotect.org
Nobby Beach
null,QLD 4218
AU
Tel. +45.36946676

Creation Date: 16-Jun-2012
Expiration Date: 16-Jun-2013

Domain servers in listed order:
dns1.bigrock.com
dns2.bigrock.com
dns3.bigrock.com
dns4.bigrock.com

Administrative Contact:
PrivacyProtect.org
Domain Admin (&&&&&&&&&&&)
ID#10760, PO Box 16


From Whois

[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See www.ripe.net...
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '91.229.210.0 - 91.229.210.255'

inetnum:        91.229.210.0 - 91.229.210.255
netname:        SIBHOST
descr:          ChP Timchenko Evgeniy Nikolaevich
remarks:        SibHost Network
country:        RU
org:            ORG-TIMC1-RIPE
admin-c:        TIMC1-RIPE
tech-c:         TIMC1-RIPE
status:         ASSIGNED PI
mnt-by:         RIPE-NCC-END-MNT
mnt-lower:      RIPE-NCC-END-MNT
mnt-by:         TIMCHENKO-MNT
mnt-routes:     TIMCHENKO-MNT
mnt-domains:    TIMCHENKO-MNT
source:         RIPE # Filtered

organisation:   ORG-TIMC1-RIPE
org-name:       ChP Timchenko Evgeniy Nikolaevich
org-type:       OTHER
address:        Ukraine, g. Kiev, Ivana Kudri str. 2211
address:        Russia, Novosibirsk, pr Oktyabrya str. 7119
mnt-ref:        TIMCHENKO-MNT
mnt-by:         TIMCHENKO-MNT
source:         RIPE # Filtered

person:         Timchenko Evgeniy
address:        Ukraine, Kyiv, Ivana Kudri str. 22/11
address:        Russia, Novosibirsk, pr Oktyabrya str. 7119
phone:          +380661648341
phone:          +79712941322
nic-hdl:        TIMC1-RIPE
mnt-by:         TIMCHENKO-MNT
source:         RIPE # Filtered

% Information related to '91.229.210.0/24AS49505'

route:          91.229.210.0/24
descr:          Selectel PI
origin:         AS49505
mnt-by:         MNT-SELECTEL
source:         RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.12.2 (WHOIS2)


91.229.210.195 - Geo Information
IP Address    91.229.210.195
Host          91.229.210.195
Location      RU, Russian Federation
City          -, - -
Organization  ChP Timchenko Evgeniy Nikolaevich
ISP           ChP Timchenko Evgeniy Nikolaevich
AS Number     AS49505 Selectel Ltd.
Latitude      60°00'00" North
Longitude     100°00'00" East
Distance      5314.36 km (3302.19 miles)

cqcounter.com...

www.ip-adress.com...

network-tools.com...

91.229.210.195 is from Russian Federation(RU) in region Eastern Europe
TraceRoute to 91.229.210.195

Hop (ms) (ms) (ms) IP Address Host name
1 0 0 0 8.9.232.73 xe-5-3-0.edge3.dallas1.level3.net
2 0 0 0 4.69.145.254 vlan90.csw4.dallas1.level3.net
3 0 0 0 4.69.151.170 ae-93-93.ebr3.dallas1.level3.net
4 20 23 24 4.69.134.22 ae-7-7.ebr3.atlanta2.level3.net
5 35 34 40 4.69.132.86 ae-2-2.ebr1.washington1.level3.net
6 34 34 39 4.69.134.138 ae-81-81.csw3.washington1.level3.net
7 33 36 33 4.69.134.149 ae-72-72.ebr2.washington1.level3.net
8 114 115 124 4.69.137.53 ae-42-42.ebr2.paris1.level3.net
9 128 123 135 4.69.143.145 ae-48-48.ebr1.frankfurt1.level3.net
10 129 124 124 4.69.140.2 ae-61-61.csw1.frankfurt1.level3.net
11 121 121 121 4.69.154.7 ae-1-60.edge3.frankfurt1.level3.net
12 121 121 120 212.162.19.30 dialup-212.162.19.30.frankfurt1.mik.net
13 155 155 155 87.245.233.133 ae5-6.rt.km.spb.ru.retn.net
14 155 167 155 87.245.252.86 gw-selectel.retn.net
15 200 202 202 91.229.210.195 -
Trace complete


edit on 17-6-2012 by Trillium because: (no reason given)
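The two signals the post relies on, a domain created the day before the alert and several domains resolving to the same IP, can be checked mechanically. The script below is an added example, not code from the thread; it parses the WHOIS fields quoted above and groups the domain-to-IP pairs reported in the thread. The `oldshop-example.net` record is constructed as a contrasting negative case.

```python
import re
from datetime import date

# WHOIS text as quoted in the post (mysammers.net) plus one constructed
# record for an old, non-privacy-protected domain to show the negative case.
WHOIS_RECORDS = {
    "mysammers.net": "Domain Name: MYSAMMERS.NET\nRegistrant:\nPrivacyProtect.org\n"
                     "Creation Date: 16-Jun-2012\nExpiration Date: 16-Jun-2013\n",
    "oldshop-example.net": "Domain Name: OLDSHOP-EXAMPLE.NET\nRegistrant:\nExample Shop Ltd\n"
                           "Creation Date: 03-Mar-2005\nExpiration Date: 03-Mar-2015\n",
}

# Domain -> IP pairs as reported in the thread (brandaro.net had two A records).
RESOLUTIONS = [
    ("mysammers.net", "91.229.210.195"),
    ("Onlieinglisheng.net", "91.229.210.195"),
    ("brandaro.net", "128.242.54.18"),
    ("brandaro.net", "91.229.210.195"),
]

def creation_date(whois_text):
    """Return the 'Creation Date' field (dd-Mon-yyyy, as in the quoted WHOIS) as a date."""
    m = re.search(r"Creation Date:\s*(\d{2})-([A-Za-z]{3})-(\d{4})", whois_text)
    if not m:
        return None
    months = ["jan", "feb", "mar", "apr", "may", "jun", "jul", "aug", "sep", "oct", "nov", "dec"]
    return date(int(m.group(3)), months.index(m.group(2).lower()) + 1, int(m.group(1)))

def domain_age_days(whois_text, alert_day_iso):
    """Days between domain creation and the alert day (ISO yyyy-mm-dd); None if no date."""
    created = creation_date(whois_text)
    return None if created is None else (date.fromisoformat(alert_day_iso) - created).days

def is_privacy_protected(whois_text):
    return "privacyprotect.org" in whois_text.lower()

def shared_ip_clusters(resolutions, min_domains=2):
    """Group domains by resolved IP; keep IPs that serve at least min_domains domains."""
    by_ip = {}
    for domain, ip in resolutions:
        by_ip.setdefault(ip, set()).add(domain.lower())
    return {ip: sorted(ds) for ip, ds in by_ip.items() if len(ds) >= min_domains}

def triage(alert_day_iso, max_age_days=7):
    """Flag domains that are freshly registered and/or hide their registrant."""
    flagged = {}
    for domain, text in WHOIS_RECORDS.items():
        age = domain_age_days(text, alert_day_iso)
        reasons = []
        if age is not None and 0 <= age <= max_age_days:
            reasons.append("registered %d day(s) before alert" % age)
        if is_privacy_protected(text):
            reasons.append("privacy-protected registrant")
        if reasons:
            flagged[domain] = reasons
    return flagged
```

Running `triage("2012-06-17")` flags mysammers.net on both counts, and `shared_ip_clusters(RESOLUTIONS)` puts all three thread domains behind 91.229.210.195, which is the correlation the post asks readers to help confirm.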



posted on Jun, 17 2012 @ 04:50 PM
reply to post by Trillium
 

yeah I got it. I am hoping all clean at this point...so tired of jerks ruining my computer for their fun!
Sorry I don't know, only that I got it here or a link here.

edit on 17-6-2012 by Char-Lee because: (no reason given)



posted on Jun, 17 2012 @ 05:18 PM

Originally posted by Char-Lee
reply to post by Trillium
 

yeah I got it. I am hoping all clean at this point...so tired of jerks ruining my computer for their fun!
Sorry I don't know, only that I got it here or a link here.

edit on 17-6-2012 by Char-Lee because: (no reason given)


Thanks, do you remember which three ads were up on your page?
I need it to narrow it down to find the bad ad.



posted on Jun, 17 2012 @ 05:43 PM
reply to post by Trillium
 


Sure wish I did but I didn't pay attention. Hope someone else did.



posted on Jun, 19 2012 @ 12:48 AM
This happened on the Fire-Hose screen.
Top ad - Canadian investors agree BMO Investorline
Left ad - American Express
Right ad - did not load, frozen screen



'brandaro.net/' has an ip address of:
Address: 128.242.54.18#53 Whois on 128.242.54.18#53

You Are Searching For 'brandaro.net':

'brandaro.net' has an ip address of:
Address: 128.242.54.18#53 Whois on 128.242.54.18#53
'brandaro.net' has an ip address of:
Address: 91.229.210.195 Whois on 91.229.210.195


tools.whois.net...

'brandaro.net' has an ip address of:
Address: 91.229.210.195 Whois on 91.229.210.195




posted on Jun, 20 2012 @ 01:25 AM
Also here is number 5; this one locked up my laptop and it's only medium severity.



Also look at all the medium severity attacks the last few days; it's not getting better.
It's getting a whole lot worse.




