FBI MoneyPak Lander

(O_o)

hxxp://dot.itpoliceus.net/us1/ (still live)



lelz @ this. Smells like some .ru friends behind it. The script and code behind it are sorta cool. Thought I would share and archive this here on WF. I bet a lot of stupid ppl fall for this sadly. Looks like they are paying for PPC ads and then switching out the url w this one once their ads start running.

64.120.238.201 - IP in United States, Scranton - Comments and Complaints
Hosted on this IP

dot.itpoliceus.net -> m201.siphonostomecar.com

Starting Nmap 6.25 ( http://nmap.org ) at 2014-07-17 22:26 CDT
Nmap scan report for m201.siphonostomecar.com (64.120.238.201)
Host is up (0.061s latency).
Not shown: 989 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp filtered smtp
53/tcp open domain
80/tcp open http
111/tcp open rpcbind
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
443/tcp open https
445/tcp filtered microsoft-ds
3306/tcp open mysql

Apache/2.2.27 (CentOS) Server at c Port 80

Page source: FBI Lander - Pastebin.com
css source: FBI Lander CSS - Pastebin.com
divs.htm source: divs.htm - Pastebin.com
jquery.js source: jquery.js source - Pastebin.com
chrome.js source: chrome.js source - Pastebin.com
images: https://anonfiles.com/file/8ef24e97957cfee3107e9e1ee42ae1bf
check.php - can't get src

Code:
Domain Name: ITPOLICEUS.NET
Registry Domain ID:
Registrar WHOIS Server: whois.domaincontext.com
Registrar URL: www.domaincontext.com
Updated Date: 11-Jun-2014
Creation Date: 11-Jun-2014
Registrar Registration Expiration Date: 11-Jun-2015
Registrar: DomainContext, Inc.
Registrar IANA ID: 1111
Registrar Abuse Contact Email: tld-abuse@domaincontext.com
Registrar Abuse Contact Phone: +7 495 6459373
Domain Status: clientTransferProhibited
Registry Registrant ID: DI_35697948
Registrant Name: Vladimir Opranov
Registrant Organization: N/A
Registrant Street: Vavilova 7-64
Registrant City: Moscow
Registrant State/Province:
Registrant Postal Code: 117312
Registrant Country: RU
Registrant Phone: +7.4953692581
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: vova.opranov@bk.ru
Registry Admin ID: DI_35697948
Admin Name: Vladimir Opranov
Admin Organization: N/A
Admin Street: Vavilova 7-64
Admin City: Moscow
Admin State/Province:
Admin Postal Code: 117312
Admin Country: RU
Admin Phone: +7.4953692581
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: vova.opranov@bk.ru
Registry Tech ID: DI_35697948
Tech Name: Vladimir Opranov
Tech Organization: N/A
Tech Street: Vavilova 7-64
Tech City: Moscow
Tech State/Province:
Tech Postal Code: 117312
Tech Country: RU
Tech Phone: +7.4953692581
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: vova.opranov@bk.ru
Name Server: ns1.itpoliceus.net
Name Server: ns2.itpoliceus.net

PS. Sup Feds, NSA, GCHQ, DoJ Bots! Don't subpoena or taze me bros!
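
Added example (not part of the original post): a small triage of the WHOIS record quoted above, checking the signals a defender would note before filing an abuse report: domain age at the time of the Nmap scan, registration term, and name servers hosted inside the domain itself. The 90-day threshold and the function names are assumptions; registrant fields are left out of the excerpt.

```python
from datetime import datetime

# Excerpt of the WHOIS record quoted in the post (registrant fields omitted).
WHOIS_TEXT = """\
Domain Name: ITPOLICEUS.NET
Registrar Abuse Contact Email: tld-abuse@domaincontext.com
Creation Date: 11-Jun-2014
Registrar Registration Expiration Date: 11-Jun-2015
Name Server: ns1.itpoliceus.net
Name Server: ns2.itpoliceus.net
"""

OBSERVED = datetime(2014, 7, 17)  # date of the Nmap scan in the post
YOUNG_DAYS = 90                   # assumed threshold for "newly registered"
FMT = "%d-%b-%Y"                  # date format used by this registrar's WHOIS


def parse_whois(text):
    """Return {field: [values]}; repeated keys (Name Server) are kept, empty fields dropped."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip(), []).append(value.strip())
    return record


def triage(record, observed=OBSERVED):
    """Derive triage signals from a parsed record."""
    domain = record["Domain Name"][0].lower()
    created = datetime.strptime(record["Creation Date"][0], FMT)
    expires = datetime.strptime(record["Registrar Registration Expiration Date"][0], FMT)
    age = (observed - created).days
    ns = [n.lower() for n in record.get("Name Server", [])]
    in_zone = [n for n in ns if n.endswith("." + domain)]
    return {
        "domain": domain,
        "age_days": age,
        "newly_registered": age < YOUNG_DAYS,
        "minimum_term": (expires - created).days <= 366,
        "self_hosted_dns": bool(ns) and len(in_zone) == len(ns),
        "abuse_contact": record.get("Registrar Abuse Contact Email", [None])[0],
    }


if __name__ == "__main__":
    for name, value in triage(parse_whois(WHOIS_TEXT)).items():
        print(f"{name}: {value}")
```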
 


does it actually "lock" anything or is it just completely fake?

Last I checked, no one was sure.
There was a virus going around that would encrypt people's files and this was one of the sites they were using to extort people into buying the encryption key.
 
Last I checked, no one was sure.
There was a virus going around that would encrypt people's files and this was one of the sites they were using to extort people into buying the encryption key.

I think someone shared the revenue figures from one of these operations on here a while ago (was it here?). The $$$, split up by country, was ridiculous.
 
does it actually "lock" anything or is it just completely fake?

Most of these sites use a java/browser/virus exploit to "lock" your browser to only ever see this FBI page.

Considering they want $500 from you I would have to say that yeah this lander somehow locks your browser like the other viruses. No way they will get paid if someone just hits the back button or closes the window.

Also doesn't $500 seem retardedly high? Most of these ransomware things ask for $50-$200. One even doubled the "fine" if you didn't pay by a certain date.
 
does it actually "lock" anything or is it just completely fake?

It's nothing more than a website. It can't do anything to you at all. You just click X and close out of it. It's a popup lander of scare tactic shit to trick people into paying $1000. They force this popup on a few mil people in a day via hijacked PPC switch out and prob make an easy 5-6 figure amount.

Last I checked, no one was sure.
There was a virus going around that would encrypt people's files and this was one of the sites they were using to extort people into buying the encryption key.

cryptolocker did in fact encrypt your hdd and destroy it if you didn't pay the ransom.
 
(I know it's a scam...)

But seeing as many taxes/bullshit monies people are forced to pay to the gov..

I wouldn't even be surprised to see this happening in reality, lol.

The government has to get their hands in everything, seems like they're missing out here.
 
It's nothing more than a website. It can't do anything to you at all. You just click X and close out of it. It's a popup lander of scare tactic shit to trick people into paying $1000. They force this popup on a few mil people in a day via hijacked PPC switch out and prob make an easy 5-6 figure amount.
They have some pretty aggressive exit pops (well, haven't seen this one, the ones I've seen have used better wording than 'child porno') but yeah, killing the process via task manager then not restoring the tab (if using firefox) gets rid of it, fairly easy.
 
FUCK why can't i post.

typing this for the 3rd time now. basically most of them are not just a popup, some require you to boot in safe mode and kill a few exes. i've gotten a few laptops from friends to fix.