Friday, May 11th, 2012
Another malicious link received by a user via Twitter: hxxp:// profitscoaching .info /index.php?eVTv=1336686044437 Whois details: Domain Name: profitscoaching .info Registrar: GoDaddy.com LLC (R171-LRMS) Status: CLIENT DELETE PROHIBITED, CLIENT RENEW PROHIBITED, CLIENT TRANSFER PROHIBITED, CLIENT UPDATE PROHIBITED Expiration Date: 2013-03-07 14:59:08 Creation Date: 2012-03-07 14:59:08 Last Update Date: 2012-05-06 20:39:46 Name Servers: ns61.domaincontrol.com ns62.domaincontrol.com Registrant [...]
Posted in Security | No Comments »
Tuesday, May 8th, 2012
One user has reported to us a malicious URL that is being sent as a private message to users registered on Twitter. The extracted malicious link is: hxxp:// www. delicious-audio .com /wp-content If clicked, it redirects users to a new malicious link: HTTP/1.1 302 Found Date: Tue, 08 May 2012 20:50:06 GMT Server: [...]
Posted in Security | No Comments »
Friday, May 4th, 2012
We have logged a new email that appears to have been sent by LinkedIn: The email header info shows it is a scam: Received: from lhost10.forahost.net (server-178.211.48.24.as42926.net [178.211.48.24]) Received: from c9069568.static.spo.virtua.com.br ([201.6.149.104]:49583 helo=fixnot.com.tr) by lhost10.forahost.net Date: Fri, 04 May 2012 08:34:11 -0700 From: "Order" @fixnot.com.tr Subject: Link LinkedIn Mail The email body also contains a few [...]
Posted in Security | No Comments »
Friday, April 27th, 2012
Our sandbox has logged various domains with the suffix .COM.BR infected with malicious obfuscated JavaScript code that is injected at the beginning of the websites' HTML pages, before the initial <html> tag: The malicious script redirects users to a malicious URL: hxxp:// bylviha .ru/count18.php An example of an infected website: hxxp:// carboniferacatarinense .com .br/ [...]
Posted in News | No Comments »
Monday, April 23rd, 2012
We have logged other phishing emails used to steal details of Visa users: From – Mon Apr 23 16:04:50 2012 Received: from ser.just3d.tv (unknown [91.227.127.33]) Received: (qmail 23589 invoked by uid 0); 23 Apr 2012 13:21:36 -0000 Received: from unknown (HELO User) (admin@just3d.tv@151.58.16.184) Reply-To: sicurela@visaltalia.it From: "verified by visa" verified@visaitalia.com Subject: A causa del nostro [...]
Posted in Security | No Comments »
Thursday, April 12th, 2012
The new BETA3 of the IPVoid service is online. Here is the main changelog: – Service has been rewritten completely – Added other blacklist engines (now 37 in total) – Fixed various blacklist results – View IP addresses related to an ISP – View IP addresses related to an Organization – View IP addresses located in a [...]
Posted in News | 2 Comments »
Friday, March 30th, 2012
We have received a few emails that appeared to be sent from LinkedIn: But after checking the email header details it was clearly spam: Return-Path: trtro@www.trt.ro Received: from vps136.whmpanels.com (unknown [89.42.219.181]) Received: from [95.6.42.101] (helo=www.trt.ro) by vps136.whmpanels.com Date: Fri, 30 Mar 2012 21:37:47 +0100 From: "Support" trtro@www.trt.ro Subject: Express LinkedIn Mail The A HREF links [...]
Posted in Security | No Comments »
Thursday, March 29th, 2012
The new BETA3 of the URLVoid service is online. Here is the main changelog: – Fixed various blacklist results – Added AVGThreatLabs (http://www.avgthreatlabs.com/) – Added URLVir (http://www.urlvir.com/) – Added new statistic: “View 8 zones that have the most detected domains” – Added new tool: Ping Host (http://ping.urlvoid.com/) – Added new tool: DNS Records (http://www.urlvoid.com/tools/dns-records/) – Added new [...]
Posted in News | 1 Comment »
Friday, March 16th, 2012
We released the new version of URLVoid v2.0 (BETA2) on 16/03/2012. A lot has changed: we have recoded almost everything, scanning of a website is now much faster, and we allow users to also view other details about a website, such as traffic statistics, where it is hosted, its organization and it is now possible [...]
Posted in News | 3 Comments »
Saturday, January 28th, 2012
We have received various spam emails that simulate messages from the Better Business Bureau (BBB), but in reality are used to spread malicious links that lead to the Blackhole Exploit Kit. The subject of the emails looks like this: Your updated information is necessary A screenshot of the email: Other details of the emails: Return-Path: <top-team3@ms16.hinet.net> Received: [...]
Posted in Security | No Comments »