last data update: 1969/12/31, 16:00

Website loading time

during the test: 2.23 s

cable connection (average): 2.75 s

DSL connection (average): 3.27 s

modem (average): 30.81 s

HTTP headers

Information about DNS servers

ddanchev.blogspot.com CNAME blogspot.l.google.com IN 3600

Received from the first DNS server

Request to the server "ddanchev.blogspot.com"
You used the following DNS server:
DNS Name: ns4.monikerdns.net
DNS Server Address: 50.57.11.88#53
DNS server aliases:

HEADER opcode: REQUEST, status: NOERROR, id: 28056
flag: qr aa rd REQUEST: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

REQUEST SECTION:
ddanchev.blogspot.com. IN ANY

ANSWER SECTION:
ddanchev.blogspot.com. 600 IN A 208.73.210.48

AUTHORITY SECTION:
blogspot.com. 600 IN NS ns1.monikerdns.net.
blogspot.com. 600 IN NS ns4.monikerdns.net.
blogspot.com. 600 IN NS ns2.monikerdns.net.
blogspot.com. 600 IN NS ns3.monikerdns.net.

SECTION NOTES:
ns1.monikerdns.net. 28800 IN A 208.73.210.41
ns2.monikerdns.net. 28800 IN A 208.73.211.42
ns3.monikerdns.net. 28800 IN A 50.57.11.89
ns4.monikerdns.net. 28800 IN A 50.57.11.88

Received 205 bytes from address 50.57.11.88#53 in 43 ms

Received from the second DNS server

Request to the server "ddanchev.blogspot.com"
You used the following DNS server:
DNS Name: ns2.monikerdns.net
DNS Server Address: 208.73.211.42#53
DNS server aliases:

HEADER opcode: REQUEST, status: NOERROR, id: 9345
flag: qr aa rd REQUEST: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

REQUEST SECTION:
ddanchev.blogspot.com. IN ANY

ANSWER SECTION:
ddanchev.blogspot.com. 600 IN A 208.73.210.48

AUTHORITY SECTION:
blogspot.com. 600 IN NS ns4.monikerdns.net.
blogspot.com. 600 IN NS ns1.monikerdns.net.
blogspot.com. 600 IN NS ns2.monikerdns.net.
blogspot.com. 600 IN NS ns3.monikerdns.net.

SECTION NOTES:
ns1.monikerdns.net. 28800 IN A 208.73.210.41
ns2.monikerdns.net. 28800 IN A 208.73.211.42
ns3.monikerdns.net. 28800 IN A 50.57.11.89
ns4.monikerdns.net. 28800 IN A 50.57.11.88

Received 205 bytes from address 208.73.211.42#53 in 78 ms

Subdomains (the first 50)

Typos (misspells)

Location

IP: 209.85.175.132

continent: NA, country: United States (USA), city: Mountain View

Website value

rank in the traffic statistics:

There is not enough data to estimate website value.

Basic information

website built using CSS

code weight: 200.08 KB

text-to-code ratio: 30 %

title: Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

description:

keywords:

encoding: UTF-8

language: en

Website code analysis

one word phrases repeated minimum three times

Phrase   Quantity
and      5
the      4
of       4
to       3

two word phrases repeated minimum three times

three word phrases repeated minimum three times

B tags

 

Spamvertised message:

TrojanDownloader:Win32/Dofoil.D

falcononfly2006.ru/blog/task.php?bid=2bfc680038ba2be7&os=5-1-2600&uptime=0&rnd=150156

falcononfly2006.ru

This post has been reproduced from Dancho Danchev's blog. Follow him on Twitter.

Spamvertised body:

Spamvertised attachments:

Detection rate:

onemoretimehi.ru/piety.exe

onemoretimehi.ru/ftp/g.php

piety.exe

onemoretimehi.ru/tops.exe

personal RSS feed

Zero Day's main feed

spamvertised Uniform Traffic Tickets

FDIC Notification

_Uniform Traffic Tickets

Detection rates:

Gen:Trojan.Heur.FU.bqW@aK9ebrii

MD5   : 6361d4a40485345c18473f3c6b4b6609
SHA1  : 50b09bb2e0044aa139a84c2e445a56f01d70c185
SHA256: ca67a14bfed2a7bc2ac8be9c01cb17d5da12b75320b4bad4fe8d8a6759ad9725
Ticket1.exe - Trojan-Downloader.Win32.Small.ccxz

sdkjgndfjnf.ru/pusk3.exe

rattsillis.com/ftp/g.php

rattsillis.com/pusk3.exe

DNS emulation of ns1.lemanbrostm.info

belidiskalom.com

lemanbrostm.info

Known MD5 modifications for pusk3.exe at rattsillis.com:

rattsillis.com/blood.exe

rattsillis.com/pusk.exe

rattsillis.com/pusk2.exe

Known MD5 modifications for pusk3.exe at sdkjgndfjnf.ru

sdkjgndfjnf.ru/blood.exe

sdkjgndfjnf.ru/pusk2.exe

sdkjgndfjnf.ru/pusk.exe

Detection rate for blood.exe:

Trojan-Spy.Win32.Zbot

_FDIC Notification

rattsillis.com

spamvertised ACH Payment Canceled campaign

Tracking Down Internet Terrorist Propaganda

Arabic Extremist Group Forum Messages' Characteristics

Cyber Terrorism Communications and Propaganda

A Cost-Benefit Analysis of Cyber Terrorism

Current State of Internet Jihad

Analysis of the Technical Mujahid - Issue One

Full List of Hezbollah's Internet Sites

Steganography and Cyber Terrorism Communications

Hezbollah's DNS Service Providers from 1998 to 2006

Mujahideen Secrets Encryption Tool

Analyses of Cyber Jihadist Forums and Blogs

Cyber Traps for Wannabe Jihadists

Inshallahshaheed - Come Out, Come Out Wherever You Are

GIMF Switching Blogs

GIMF Now Permanently Shut Down

GIMF - "We Will Remain"

Wisdom of the Anti Cyber Jihadist Crowd

Cyber Jihadist Blogs Switching Locations Again

Electronic Jihad v3.0 - What Cyber Jihad Isn't

Electronic Jihad's Targets List

Teaching Cyber Jihadists How to Hack

A Botnet of Infected Terrorists?

Infecting Terrorist Suspects with Malware

The Dark Web and Cyber Jihad

Cyber Jihadist Hacking Teams

Two Cyber Jihadist Blogs Now Offline

Characteristics of Islamist Websites

An Analysis of the Technical Mujahid - Issue Two

Terrorist Groups' Brand Identities

A List of Terrorists' Blogs

Jihadists' Anonymous Internet Surfing Preferences

Sampling Jihadists' IPs

Cyber Jihadists' and TOR

A Cyber Jihadist DoS Tool

Mujahideen Secrets 2 Encryption Tool Released

Terror on the Internet - Conflict of Interest

Keeping Money Mule Recruiters on a Short Leash series

AS24940

AS16265

AS26496

AS10297

Related posts:

_Dragon Pack Web Malware Exploitation Kit

_Dragon Exploit Pack

_Katrin Exploit Pack

_Liberty Exploit Pack

_Bleeding Life Exploit Pack

AS42708

AS29713

AS38913

Info on the loader:

Features of the loader:

Upcoming features:

Psychological evaluation tests found within AS29713, basically every domain name has its associated binary:

U tags

I tags

 

Tax notice, There are arrears reckoned on your account over a period of 2010-2011 year. You will find all calculations according to your financial debt, enclosed. Sincerely, Internal Revenue Service

Dear Valued Client,
We strongly believe that your account may have been compromised. Due to this, we cancelled the last ACH transactions:
-(ID: 13104924)
-(ID: 04804768)
-(ID: 37527025)
-(ID: 51633547)
initiated from your bank account by you or any other person, who might have access to your account.
Detailed report on initiated transactions and reasons for cancellation can be found in the attachment.

This is the small program that will send/retrieve info from/to the web panel, it is like the server part of a RAT. The loader is coded in C++. Size unpacked is ~100kb, compressed is very small and still stable. I chose C++ as the language for this project because I have coded C++ for a long time but I never released any security soft, so as a friend said it is a shame to have a knowledge of C++ and not use it instead of Delphi all the time. Also C++ is faster and more stable than any other language.

Looking to buy art? Sell art? Alternative Art Ltd is the first choice for artists and buyers alike! Alternative Art Ltd is an effective tool for the artist and emerging artist to market and promote their art in a professional and inexpensive manner. We will market your art to the international community of art buyers. Whether you are looking to buy or sell original art, Alternative Art Ltd is the premier art site for those seeking to buy or sell original art online.

NO COMMISSIONS! Whether you are looking to buy art or sell art, our site is fully optimized to get results FAST! Alternative Art Ltd is the future of buying and selling original art online. Artists who choose to sell their original art will receive maximum marketing exposure. For artists, selling your art has never been easier, faster, or more cost-effective. We will help you sell your original art DIRECTLY to buyers worldwide with NO COMMISSIONS. Those wishing to buy art online are invited to browse our extensive online galleries of original art. Never before has it been this easy for a buyer to select high-quality original art online. We update daily with new original art from our artist members.

Alternative Art Ltd offers casual collectors and serious connoisseurs alike an amazing collection of original art pieces from the world over. You'll enjoy unparalleled customer care from a knowledgeable and friendly staff of experts. For artists, the inconvenience and high costs of traditional galleries are completely eliminated. Our team of experts puts the latest technology to work for you, putting your original art in front of millions of potential art buyers!

-> [+] hides already used local&remote UDP Port(s)

[+] Base price (Core) for 250$

DDoS(full) + Load module (extended) + Socks5 Deamon for 400$

images

file name   alternative text
My Photo
AddThis Feed Button
hit counter

headers

H1

H2

Sunday, October 09, 2011

Tuesday, October 04, 2011

Wednesday, September 28, 2011

Tuesday, September 27, 2011

Sunday, September 11, 2011

Monday, August 29, 2011

Monday, August 22, 2011

Thursday, July 07, 2011

Wednesday, June 08, 2011

Monday, May 30, 2011

Thursday, May 26, 2011

Wednesday, May 25, 2011

Tuesday, May 10, 2011

Monday, May 09, 2011

About Me

Add Feed to RSS Reader

FeedBurner FeedCount

Readers Online

Subscribe to this Blog

Blog Archive

Featured Publications/Articles

Infowar Blogosphere

Jiglu - Topical Tag Cloud

Random Infowar Videos

H3

Sunday, October 09, 2011

Tuesday, October 04, 2011

Wednesday, September 28, 2011

Tuesday, September 27, 2011

Sunday, September 11, 2011

Monday, August 29, 2011

Monday, August 22, 2011

Thursday, July 07, 2011

Wednesday, June 08, 2011

Monday, May 30, 2011

Thursday, May 26, 2011

Wednesday, May 25, 2011

Tuesday, May 10, 2011

Monday, May 09, 2011

About Me

Add Feed to RSS Reader

FeedBurner FeedCount

Readers Online

Subscribe to this Blog

Blog Archive

Featured Publications/Articles

Infowar Blogosphere

Jiglu - Topical Tag Cloud

Random Infowar Videos

H4

H5

H6

internal links

address   anchor text
Spamvertised "IRS notice" Serving Malware
Dancho Danchev's blog
Sunday, October 09, 2011
Spamvertised "NACHA security nitification" Serving Malware - Historical OSINT
Dancho Danchev's blog
Tuesday, October 04, 2011
Summarizing ZDNet's Zero Day Posts for September
Dancho Danchev's blog
Tuesday, October 04, 2011
Spamvertised 'Uniform Traffic Ticket' and 'FDIC Notifications' Serving Malware - Historical OSINT
Dancho Danchev's blog
Wednesday, September 28, 2011
Summarizing ZDNet's Zero Day Posts for August
Dancho Danchev's blog
Tuesday, September 27, 2011
Summarizing 3 Years of Research Into Cyber Jihad
Tracking Down Internet Terrorist Propaganda
Arabic Extremist Group Forum Messages' Characteristics
Cyber Terrorism Communications and Propaganda
A Cost-Benefit Analysis of Cyber Terrorism
Current State of Internet Jihad
Analysis of the Technical Mujahid - Issue One
Full List of Hezbollah's Internet Sites
Steganography and Cyber Terrorism Communications
Hezbollah's DNS Service Providers from 1998 to 2006
Mujahideen Secrets Encryption Tool
Analyses of Cyber Jihadist Forums and Blogs
Cyber Traps for Wannabe Jihadists
Inshallahshaheed - Come Out, Come Out Wherever You Are
GIMF Switching Blogs
GIMF Now Permanently Shut Down
GIMF - "We Will Remain"
Wisdom of the Anti Cyber Jihadist Crowd
Cyber Jihadist Blogs Switching Locations Again
Electronic Jihad v3.0 - What Cyber Jihad Isn't
Electronic Jihad's Targets List
Teaching Cyber Jihadists How to Hack
A Botnet of Infected Terrorists?
Infecting Terrorist Suspects with Malware
The Dark Web and Cyber Jihad
Cyber Jihadist Hacking Teams
Two Cyber Jihadist Blogs Now Offline
Characteristics of Islamist Websites
Cyber Traps for Wannabe Jihadists
Mujahideen Secrets Encryption Tool
An Analysis of the Technical Mujahid - Issue Two
Terrorist Groups' Brand Identities
A List of Terrorists' Blogs
Jihadists' Anonymous Internet Surfing Preferences
Sampling Jihadists' IPs
Cyber Jihadists' and TOR
A Cyber Jihadist DoS Tool
GIMF Now Permanently Shut Down
Mujahideen Secrets 2 Encryption Tool Released
Terror on the Internet - Conflict of Interest
Dancho Danchev's blog
Sunday, September 11, 2011
Keeping Money Mule Recruiters on a Short Leash - Part Eleven
Keeping Money Mule Recruiters on a Short Leash series
Keeping Money Mule Recruiters on a Short Leash - Part Ten
Keeping Money Mule Recruiters on a Short Leash - Part Nine
Keeping Money Mule Recruiters on a Short Leash - Part Eight - Historical OSINT
Keeping Money Mule Recruiters on a Short Leash - Part Seven
Keeping Money Mule Recruiters on a Short Leash - Part Six
Keeping Money Mule Recruiters on a Short Leash - Part Five
The DNS Infrastructure of the Money Mule Recruitment Ecosystem
Keeping Money Mule Recruiters on a Short Leash - Part Four
Money Mule Recruitment Campaign Serving Client-Side Exploits
Keeping Money Mule Recruiters on a Short Leash - Part Three
Money Mule Recruiters on Yahoo!'s Web Hosting
Dissecting an Ongoing Money Mule Recruitment Campaign
Keeping Money Mule Recruiters on a Short Leash - Part Two
Keeping Reshipping Mule Recruiters on a Short Leash
Keeping Money Mule Recruiters on a Short Leash
Standardizing the Money Mule Recruitment Process
Inside a Money Laundering Group's Spamming Operations
Money Mule Recruiters use ASProx's Fast Fluxing Services
Money Mules Syndicate Actively Recruiting Since 2002
Dancho Danchev's blog
Monday, August 29, 2011
A Peek Inside Web Malware Exploitation Kits
Dancho Danchev's blog
Monday, August 29, 2011
Summarizing ZDNet's Zero Day Posts for July
Dancho Danchev's blog
Monday, August 22, 2011
Keeping Money Mule Recruiters on a Short Leash - Part Ten
Keeping Money Mule Recruiters on a Short Leash series
Keeping Money Mule Recruiters on a Short Leash - Part Nine
Keeping Money Mule Recruiters on a Short Leash - Part Eight - Historical OSINT
Keeping Money Mule Recruiters on a Short Leash - Part Seven
Keeping Money Mule Recruiters on a Short Leash - Part Six
Keeping Money Mule Recruiters on a Short Leash - Part Five
The DNS Infrastructure of the Money Mule Recruitment Ecosystem
Keeping Money Mule Recruiters on a Short Leash - Part Four
Money Mule Recruitment Campaign Serving Client-Side Exploits
Keeping Money Mule Recruiters on a Short Leash - Part Three
Money Mule Recruiters on Yahoo!'s Web Hosting
Dissecting an Ongoing Money Mule Recruitment Campaign
Keeping Money Mule Recruiters on a Short Leash - Part Two
Keeping Reshipping Mule Recruiters on a Short Leash
Keeping Money Mule Recruiters on a Short Leash
Standardizing the Money Mule Recruitment Process
Inside a Money Laundering Group's Spamming Operations
Money Mule Recruiters use ASProx's Fast Fluxing Services
Money Mules Syndicate Actively Recruiting Since 2002
Dancho Danchev's blog
Thursday, July 07, 2011
Summarizing ZDNet's Zero Day Posts for June
Dancho Danchev's blog
Thursday, July 07, 2011
Summarizing ZDNet's Zero Day Posts for May
Dancho Danchev's blog
Wednesday, June 08, 2011
Keeping Money Mule Recruiters on a Short Leash - Part Nine
Keeping Money Mule Recruiters on a Short Leash - Part Eight - Historical OSINT
Keeping Money Mule Recruiters on a Short Leash - Part Seven
Keeping Money Mule Recruiters on a Short Leash - Part Six
Keeping Money Mule Recruiters on a Short Leash - Part Five
The DNS Infrastructure of the Money Mule Recruitment Ecosystem
Keeping Money Mule Recruiters on a Short Leash - Part Four
Money Mule Recruitment Campaign Serving Client-Side Exploits
Keeping Money Mule Recruiters on a Short Leash - Part Three
Money Mule Recruiters on Yahoo!'s Web Hosting
Dissecting an Ongoing Money Mule Recruitment Campaign
Keeping Money Mule Recruiters on a Short Leash - Part Two
Keeping Reshipping Mule Recruiters on a Short Leash
Keeping Money Mule Recruiters on a Short Leash
Standardizing the Money Mule Recruitment Process
Inside a Money Laundering Group's Spamming Operations
Money Mule Recruiters use ASProx's Fast Fluxing Services
Money Mules Syndicate Actively Recruiting Since 2002
Dancho Danchev's blog
Monday, May 30, 2011
A Peek Inside the Vertex Net Loader
A Peek Inside a New DDoS Bot - "Snap"
Coding Spyware and Malware for Hire
Will Code Malware for Financial Incentives
E-crime and Socioeconomic Factors
Web Based Botnet Command and Control Kit 2.0
A New DDoS Malware Kit in the Wild
The Cyber Bot - Web Based Malware
The Black Sun Bot - Web Based Malware
Custom DDoS Capabilities Within a Malware
Botnet on Demand Service
Loads.cc - DDoS for Hire Service
Using Market Forces to Disrupt Botnets
Botnet Communication Platforms
A Botnet Master's To-Do List
DDoS on Demand VS DDoS Extortion
How Does a Botnet with 100k Infected PCs Look Like?
Dancho Danchev's blog
Thursday, May 26, 2011
Keeping Money Mule Recruiters on a Short Leash - Part Eight - Historical OSINT
Keeping Money Mule Recruiters on a Short Leash - Part Seven
Keeping Money Mule Recruiters on a Short Leash - Part Six
Keeping Money Mule Recruiters on a Short Leash - Part Five
The DNS Infrastructure of the Money Mule Recruitment Ecosystem
Keeping Money Mule Recruiters on a Short Leash - Part Four
Money Mule Recruitment Campaign Serving Client-Side Exploits
Keeping Money Mule Recruiters on a Short Leash - Part Three
Money Mule Recruiters on Yahoo!'s Web Hosting
Dissecting an Ongoing Money Mule Recruitment Campaign
Keeping Money Mule Recruiters on a Short Leash - Part Two
Keeping Reshipping Mule Recruiters on a Short Leash
Keeping Money Mule Recruiters on a Short Leash
Standardizing the Money Mule Recruitment Process
Inside a Money Laundering Group's Spamming Operations
Money Mule Recruiters use ASProx's Fast Fluxing Services
Money Mules Syndicate Actively Recruiting Since 2002
Dancho Danchev's blog
Wednesday, May 25, 2011
Keeping Money Mule Recruiters on a Short Leash - Part Seven
Keeping Money Mule Recruiters on a Short Leash
seen here
seen here
Keeping Money Mule Recruiters on a Short Leash - Part Six
Keeping Money Mule Recruiters on a Short Leash - Part Five
The DNS Infrastructure of the Money Mule Recruitment Ecosystem
Keeping Money Mule Recruiters on a Short Leash - Part Four
Money Mule Recruitment Campaign Serving Client-Side Exploits
Keeping Money Mule Recruiters on a Short Leash - Part Three
Money Mule Recruiters on Yahoo!'s Web Hosting
Dissecting an Ongoing Money Mule Recruitment Campaign
Keeping Money Mule Recruiters on a Short Leash - Part Two
Keeping Reshipping Mule Recruiters on a Short Leash
Keeping Money Mule Recruiters on a Short Leash
Standardizing the Money Mule Recruitment Process
Inside a Money Laundering Group's Spamming Operations
Money Mule Recruiters use ASProx's Fast Fluxing Services
Money Mules Syndicate Actively Recruiting Since 2002
Dancho Danchev's blog
Tuesday, May 10, 2011
A Peek Inside a New DDoS Bot - "Snap"
Coding Spyware and Malware for Hire
Will Code Malware for Financial Incentives
E-crime and Socioeconomic Factors
Web Based Botnet Command and Control Kit 2.0
A New DDoS Malware Kit in the Wild
The Cyber Bot - Web Based Malware
The Black Sun Bot - Web Based Malware
Custom DDoS Capabilities Within a Malware
Botnet on Demand Service
Loads.cc - DDoS for Hire Service
Using Market Forces to Disrupt Botnets
Botnet Communication Platforms
A Botnet Master's To-Do List
DDoS on Demand VS DDoS Extortion
How Does a Botnet with 100k Infected PCs Look Like?
Dancho Danchev's blog
Monday, May 09, 2011
Older Posts
Home
Posts (Atom)
2011
October
Spamvertised "IRS notice" Serving Malware
Spamvertised "NACHA security nitification" Serving...
Summarizing ZDNet's Zero Day Posts for September
September
Spamvertised 'Uniform Traffic Ticket' and 'FDIC No...
Summarizing ZDNet's Zero Day Posts for August
Summarizing 3 Years of Research Into Cyber Jihad
August
Keeping Money Mule Recruiters on a Short Leash - P...
A Peek Inside Web Malware Exploitation Kits
Summarizing ZDNet's Zero Day Posts for July
July
Keeping Money Mule Recruiters on a Short Leash - P...
Summarizing ZDNet's Zero Day Posts for June
June
Summarizing ZDNet's Zero Day Posts for May
May
Keeping Money Mule Recruiters on a Short Leash - P...
A Peek Inside the Vertex Net Loader
Keeping Money Mule Recruiters on a Short Leash - P...
Keeping Money Mule Recruiters on a Short Leash - P...
A Peek Inside a New DDoS Bot - "Snap"
Don't Play Poker on an Infected Table - Part Five
Summarizing ZDNet's Zero Day Posts for April
April
Spamvertised "Successfull Order 977132" Leads to S...
Spamvertised "Reqest Rejected" Campaign Serving Sc...
Don't Play Poker on an Infected Table - Part Four
Summarizing Zero Day's Posts for March
Spamvertised DHL Notifications Scareware Campaign
March
Dissecting the Massive SQL Injection Attack Servin...
Spamvertised Post Office Express Mail (USPS) Email...
Spamvertised United Parcel Service notifications s...
Compromised Universities Leads to Fraudulent Pharm...
Spamvertised FedEx Notifications Spread Malware
More Spamvertised DHL Notifications Spread Malware...
Compromised University Leads to Fraudulent Pharmac...
Spamvertised DHL Notification Malware Campaign
Keeping Money Mule Recruiters on a Short Leash - P...
Compromised University Leads to Fraudulent Google ...
February
Summarizing Zero Day's Posts for February
Sampling 419 Advance Fee Scams Activity - Part Two...
Bogus Adult Content SPIM-ed Over ICQ
A Diverse Portfolio of Fake Security Software - Pa...
Spamvertised Portfolio of Fraudulent/Pharmaceutica...
January
Keeping Money Mule Recruiters on a Short Leash - P...
Spamvertised "Your password has been stolen!" Malw...
Top Ten Must-Read Posts at ZDNet's Zero Day for 20...
Top Ten Must-Read DDanchev Posts For 2010
2010
September
Summarizing 3 Years of Research Into Cyber Jihad
Historical OSINT: Celebrities Death, Fedex Invoice...
August
Dissecting a Scareware-Serving Black Hat SEO Campa...
Spamvertised Best Buy, Macy's, Evite and Target Th...
Summarizing Zero Day's Posts for July
July
ZeuS Crimeware Serving 123Greetings Ecard Themed C...
Dissecting the Xerox WorkCentre Pro Scanned Docume...

external links

address   anchor text