[Tor2web-talk] [Tor2web-abuse] [PL-208301] Malware proxying through your server: ho7rcj6wucosa5bu.tor2web.org

Giovanni Pellerano giovanni.pellerano at evilaliv3.org
Mon Nov 10 23:08:57 CET 2014


Dear James,

I've readily informed the volunteers behind the nodes to block the
access and the malware has been blocked on 194.150.168.70; the
65.112.221.20 machine has been taken down by the ISP for other
malware reasons (damn) and 38.229.70.4 will apply the block ASAP.

I would like to ask you, if it is in your possibility, to make it widely
known that the people behind this project are responsible regarding user
protection from malware and abuse content, so that you can help us to
keep the project alive.

Other collaborations in this direction are supported by us.

Best,

Giovanni `evilaliv3` Pellerano



2014-11-10 22:51 GMT+01:00  <soc at phishlabs.com>:
> Our company investigates computer crime incidents on behalf of banks and other companies.
>
> The following URL(s) are being used as part of a malware (computer virus) attack.
>
>
> hXXps://ho7rcj6wucosa5bu.tor2web.org/gate.php
>
>
> 194.150.168.70, 38.229.70.4, 65.112.221.20 - tor2web.org
>
>
> We kindly request your help to investigate and stop this attack.  If possible, we would be grateful for the following actions:
>
>    - Block this onion address to prevent the malware from functioning.
>
> If we have contacted you in error, or there is a better way for us to report this incident, please let us know.
>
> Thank you,
>
>
> James Bettke
> PhishLabs Security Operations
> soc at phishlabs.com
> +1.202.386.6001
> http://www.phishlabs.com/
>
>
> Evidence:
>
> Traffic related to this sample:
>
> VirusTotal Report (2 / 55):
> hXXps://www.virustotal.com/en/file/f2ff6ad97b11067ba520d14ccd9c611ad742858775bec88a3d615aa7c5c6333e/analysis/1415654223/



-- 
Giovanni Pellerano - Founding Member
giovanni.pellerano at logioshermes.org | +39.328.9590046

HERMES - Center for Transparency and Digital Human Rights
Associazione No Profit | Via Aretusa 34, IT-20129 Milan, Italy
t. +39-02-87186005 (voicemail) | f. +39-02-87162573
TaxCode: IT-97621810155 | EuropeAid: IT-2012-AOD-0806909254
w. http://logioshermes.org | m. info at logioshermes.org


