
Terrorists Hack EgyptAir Flight MS804 with Weather Satellite same as Malaysia MH370

May 21, 2016

Well, I found something that shows up in flightradar24 data, the same as MH370

a satellite weather change in data

it also has the hacker logging into an email account (to get the virus documents to upload to the computer and a Facebook account?)

it says hello to the GLOBAL IR satellite, global radar

not sure if this has anything to do with it?

 

 

<div id="weather-demo" style="display: none; position: absolute; z-index: 9999; right: 300px; top: 60px; background: black; padding: 16px; color: #fff;">
<span style="display: inline-block; margin-right: 10px;" >Weather demo</span>
<select id="weather-select" style="color: black;">
<option value="C39-0x0361-0">Hi Res Composite Radar</option>
<option value="C09-0x0316-0">Global IR Satellite</option>
<option value="C09-0x0395-0">Global Radar (US Clipped)</option>
<option value="C09-0x0374-0">Non-Clipped Global Radar</option>
<option value="C50-0x030F-0">Australian Radar</option>
<option value="C01-0x0306-0">Canadian Radar</option>
<option value="C50-0x0325-0">European radar</option>
<option value="tfr">Temporary flight restrictions</option>
<option value="airsigmet">AIRMETS/SIGMETS (Domestic)</option>
<option value="airmets-and-sigmets">AIRMETS/SIGMETS (International)</option>
<option data-extra-config="weather-time-select" value="surface-analysis-alt">Surface Analysis with Larger Footprint</option>
<option value="tropical-cone-forecast">Global Tropical Cyclone Forecast</option>
<option data-extra-config="weather-time-select;wind-icon-select" data-icon="Mask1" value="gfs-preciprate-inph-surface">Precipitation Rate Forecast</option>
<option data-extra-config="weather-time-select" value="gfs-windspeed-mph-10meter">Surface Winds Forecast</option>
<option data-extra-config="weather-time-select;wind-icon-select" data-icon="ArrowLarge;ArrowSmall" value="gfs-windvector-10meter">Wind Vector Forecast – Near surface</option>
<option data-extra-config="weather-time-select;weather-range-select" data-range-value="1-35" data-range-tpl="gfs-halfdeg-temp-c-?-msl" data-range-unit="kft" value="gfs-halfdeg-temp-c-1kft-msl">Temperature Forecast at various altitudes (1k ft – 35 k ft)</option>
<option data-extra-config="weather-time-select;wind-icon-select;weather-range-select" data-icon="ArrowLarge;ArrowSmall;ArrowLengthScaled;WindBarb" data-range-value="1-51" data-range-tpl="gfs-halfdeg-windvector-?-msl" data-range-unit="kft" value="gfs-halfdeg-windvector-1kft-msl">Wind Vector Forecast (or barb) at various altitudes (Surface to 51k ft or FL 530)</option>
<option data-extra-config="weather-time-select;weather-range-select" data-range-value="1-51" data-range-tpl="gfs-halfdeg-windspeed-kts-?-msl" data-range-unit="kft" value="gfs-halfdeg-windspeed-kts-1kft-msl">Wind Speed Forecast (knots or flight level) at various altitudes (Surface to 51k ft or FL 530)</option>
<option data-extra-config="weather-time-select" value="sigwx-mid">Mid Level Significant Weather Maps</option>
<option data-extra-config="weather-time-select" value="sigwx-high">High Level Significant Weather Maps</option>
<option data-extra-config="weather-time-select" value="sigwx-icing-mid">Medium level SIGWX (icing only) – FL 100 to 450.</option>
<option data-extra-config="weather-time-select" value="sigwx-icing-high">High level SIGWX (icing only) – FL 250 to 630.</option>
<option data-extra-config="weather-time-select" value="sigwx-turbulence-mid">Medium level SIGWX (turbulence only) – FL 100 to 450.</option>
<option data-extra-config="weather-time-select" value="sigwx-turbulence-high">High level SIGWX (turbulence only) – FL 250 to 630.</option>
<option value="volcanic_eruption">Global Volcanic Eruptions</option>
</select>
<br />
<select class="weather-extra-config weather-config" id="wind-icon-select" style="display: none; margin-left: 106px; margin-top: 6px; color: black;">
<option value="St

 

https://www.flightradar24.com/data/flights/ms804/#9c0b766

 

flights disabled

KML
</button>
<button class="btn btn-sm btn-white btn-table-action fs-10 disabled" disabled>
<svg class="icon-fr24-lock">
<use xmlns:xlink="http://www.w3.org/1999/xlink"
xlink:href="#icon-fr24-lock"></use>
</svg>
CSV
</button>

 

data is lost

Loading data….
</td>
</tr>
<tr data-ng-if="(aircraftSchedule.length == 0 && !isFetching)">
<td colspan="20" class="text-center">
Sorry, but we could not find data for specified flight
</td>
</tr>
</tbody>
<tfoot data-ng-display="(timeZone == 'UTC')">
<tr>
<td colspan="20">
* All dates and times are in UTC timezone

 

tracking IP address

UA-51622-13

https://isc.sans.edu/asreport.html?as=51622

 

AS Information

AS Number 51622
AS Name IV-COM-AS PP _IV-COM_,
Country UA
Contact E-Mail abuse@kwds.net.ua
Updated 2016-05-10 05:54:46

 

back to Russia again, same as flight MH370

 


 

in a language I don't understand

but other terrorist attacks were done by the Ukraine too?

and this leads to there again too!

 

 

 organisation:   ORG-IL214-RIPE
             org-name:       PP IV-COM
             org-type:       other
             address:        Ukraine, 47003, Ternopil area,
             address:        Kremenetskiy ditrict, Pidlisci village
             admin-c:        GI1328-RIPE
             tech-c:         OV590-RIPE
             phone:          +380673520203
             fax-no:         +380354623635
             abuse-c:        AC29902-RIPE
             abuse-mailbox:  abuse@kwds.net.ua
             mnt-ref:        IV-COM-MNT
             mnt-by:         IV-COM-MNT
             created:        2010-10-01T18:06:40Z
             last-modified:  2016-02-15T16:45:30Z
             source:         RIPE # Filtered
             
             person:         Grugorchuk Igor
             address:        Ukraine, 47003, Ternopil area,
             address:        Kremenetskiy ditrict, Pidlisci village
             phone:          +380673520203
             nic-hdl:        GI1328-RIPE
             mnt-by:         IV-COM-MNT
             created:        2010-10-01T18:03:30Z
             last-modified:  2014-02-20T13:24:19Z
             source:         RIPE # Filtered
             
             person:         Onishuk Vasul
             address:        Ukraine, 47003, Ternopil area,
             address:        Kremenetskiy ditrict, Kremenets city,Dubenska 145 street
             phone:          +380502277444
             phone:          +380675800342
             nic-hdl:        OV590-RIPE
             mnt-by:         IV-COM-MNT
             created:        2010-10-01T18:04:13Z
             last-modified:  2014-02-20T13:29:07Z
             source:         RIPE # Filtered
             
             % This query was served by the RIPE Database Query Service version 1.87.2 (ANGUS)

IV-COM-AS PP _IV-COM_,

Ransomware IP address :: 176.124.234.115

IP Information

IP address: 176.124.234.115
AS number: AS51622
AS name: IV-COM-AS PP _IV-COM_, UA
Country: - Ukraine (UA)
Spamhaus SBL: Not listed

Associated Ransomware Infrastructure

The table below shows all Ransomware infrastructure that is associated with the IP address 176.124.234.115.

| Firstseen (UTC) | Host | Active (?) | Registrar | Threat | Malware |
|---|---|---|---|---|---|
| 2016-04-22 14:24:39 | wor4d.slewirk.at | no | | Payment Site | TeslaCrypt |
| 2016-04-22 14:24:49 | kbv5s.kylepasse.at | no | | Payment Site | TeslaCrypt |
| 2016-04-22 14:25:09 | ibf4d.ukegaub.at | no | | Payment Site | TeslaCrypt |
| 2016-04-22 14:25:25 | o4dm3.leaama.at | no | | Payment Site | TeslaCrypt |
| 2016-04-22 14:25:39 | aq3ef.goimocoa.at | no | | Payment Site | TeslaCrypt |
| 2016-04-22 14:25:55 | fl43s.toabolt.at | no | | Payment Site | TeslaCrypt |

Ransomware infrastructure associated with this IP address: 6

 

https://ransomwaretracker.abuse.ch/ip/176.124.234.115/

| Active (?) | Firstseen (UTC) | Lastseen (UTC) | IP address | Hostname | SBL | AS number | AS name | Country |
|---|---|---|---|---|---|---|---|---|
| yes | 2016-04-22 11:06:12 | 2016-05-21 19:27:05 | 109.87.187.170 | 170.187.87.109.triolan.net | Not listed | AS13188 | BANKINFORM-AS CONTENT DELIVERY NETWORK L[…] | Ukraine (UA) |

 

 

one active account?

https://ransomwaretracker.abuse.ch/ip/176.124.234.115/host/wor4d.slewirk.at/

 

Don't know if this has anything to do with it.

 

Ransomware IP address :: 109.87.187.170

IP Information

IP address: 109.87.187.170
Hostname: 170.187.87.109.triolan.net
AS number: AS13188
AS name: BANKINFORM-AS CONTENT DELIVERY NETWORK LTD,UA
Country: - Ukraine (UA)
Spamhaus SBL: Not listed

Associated Ransomware Infrastructure

The table below shows all Ransomware infrastructure that is associated with the IP address 109.87.187.170.

| Firstseen (UTC) | Host | Active (?) | Registrar | Threat | Malware |
|---|---|---|---|---|---|
| 2016-05-19 12:08:23 | ik4dm.mazerunci.at | no | | Payment Site | TeslaCrypt |
| 2016-05-06 08:08:07 | h54dc.leverdaze.at | no | | Payment Site | TeslaCrypt |
| 2016-05-06 08:08:24 | l123d.feustude.at | no | | Payment Site | TeslaCrypt |
| 2016-04-22 11:06:12 | wor4d.slewirk.at | no | | Payment Site | TeslaCrypt |

 

Interesting: last entry is May 19, 2016 at 1208 UTC

 

TeslaCrypt Payment Site :: ik4dm.mazerunci.at

Host Information

TeslaCrypt Payment Site: ik4dm.mazerunci.at
Threat: Payment Site
Malware: TeslaCrypt
URL: http://ik4dm.mazerunci.at/
Host Status: online
Blacklist check: Spamhaus DBL: Not Listed
SURBL: Not Listed
Domain Registar: n/a (?)
Nameserver(s): ns3.fircitris.at
ns1.fircitris.at
ns2.fircitris.at
ns4.fircitris.at
Firstseen (UTC): 2016-05-06 08:42:37

 

 

 

 

| Active (?) | Firstseen (UTC) | Lastseen (UTC) | IP address | Hostname | SBL | AS number | AS name | Country |
|---|---|---|---|---|---|---|---|---|
| yes | 2016-05-19 12:08:23 | 2016-05-21 19:25:10 | 109.87.187.170 | 170.187.87.109.triolan.net | Not listed | AS13188 | BANKINFORM-AS CONTENT DELIVERY NETWORK L[…] | Ukraine (UA) |
| no | 2016-05-19 08:22:13 | 2016-05-20 09:10:20 | 93.183.249.207 | 93-183-249-207-dynamic.retail.datagroup.ua | Not listed | AS21219 | DATAGROUP PRIVATE JOINT STOCK COMPANY _D[…] | Ukraine (UA) |
| no | 2016-05-19 06:38:18 | 2016-05-19 07:46:46 | 77.122.114.24 | 77-122-114-24.dynamic-FTTB.kharkov.volia.com | Not listed | AS25229 | VOLIA-AS Kyivski Telekomunikatsiyni Mere[…] | Ukraine (UA) |
| no | 2016-05-18 12:02:37 | 2016-05-18 23:24:49 | 95.76.217.205 | | Not listed | AS6830 | LGI-UPC Liberty Global Operations B.V., […] | Romania (RO) |
| no | 2016-05-17 01:40:29 | 2016-05-21 07:57:00 | 31.43.243.110 | dynpool-31.43.243.110.sevlush.net | Not listed | AS43764 | SEVLUSH-AS Electron Service LTD, UA | Ukraine (UA) |

 

 

 

Firstseen (UTC) Host Active (?) Registrar Threat Malware
2016-05-19 12:08:23 ik4dm.mazerunci.at no

 

 

 


Associated IP addresses

The table below shows all ip addresses (e.g. A records) associated with this TeslaCrypt Payment Site. In case the host is a domain name, the table also shows a history of previous A records if there are any.

| Active (?) | Firstseen (UTC) | Lastseen (UTC) | IP address | Hostname | SBL | AS number | AS name | Country |
|---|---|---|---|---|---|---|---|---|
| yes | 2016-05-19 12:08:23 | 2016-05-21 19:25:10 | 109.87.187.170 | 170.187.87.109.triolan.net | Not listed | AS13188 | BANKINFORM-AS CONTENT DELIVERY NETWORK L[…] | Ukraine (UA) |
| no | 2016-05-19 08:22:13 | 2016-05-20 09:10:20 | 93.183.249.207 | 93-183-249-207-dynamic.retail.datagroup.ua | Not listed | AS21219 | DATAGROUP PRIVATE JOINT STOCK COMPANY _D[…] | Ukraine (UA) |
| no | 2016-05-19 06:38:18 | 2016-05-19 07:46:46 | 77.122.114.24 | 77-122-114-24.dynamic-FTTB.kharkov.volia.com | Not listed | AS25229 | VOLIA-AS Kyivski Telekomunikatsiyni Mere[…] | Ukraine (UA) |

Ransomware Nameserver :: ns3.fircitris.at

Nameserver Information

Nameserver: ns3.fircitris.at
Registrar: n/a (?)
Blacklist check: Spamhaus DBL: LISTED
SURBL: Not Listed

Associated domain names

The table below shows all associated Ransomware domain names known by Ransomware Tracker that are currently being resolved by this nameserver.

| Active (?) | Host | Firstseen (UTC) | Lastseen (UTC) | Registrar | Threat | Malware |
|---|---|---|---|---|---|---|
| yes | h54dc.leverdaze.at | 2016-05-05 05:52:32 | 2016-05-21 19:25:23 | | Payment Site | TeslaCrypt |
| yes | ik4dm.mazerunci.at | 2016-05-06 08:48:12 | 2016-05-21 19:24:37 | | Payment Site | TeslaCrypt |
| yes | l123d.feustude.at | 2016-05-02 06:38:10 | 2016-05-21 19:25:55 | | Payment Site | TeslaCrypt |
| yes | wor4d.slewirk.at | 2016-04-20 07:24:20 | 2016-05-21 19:26:52 | | Payment Site | TeslaCrypt |
AS13188 BANKINFORM-AS CONTENT DELIVERY NETWORK

 

 

 

https://www.robtex.com/en/advisory/ip/80/73/11/163/

  1. tf2.sloboda.net
  2. VIP
    -=Solomenka=-

    crossfire
    Players: 0 / 20

    Элитные бродяги

    aim_map
    Players: 3 / 10

    CLASSIC SERVER MGN

    de_dust2_2x2
    Players: 0 / 21

    Элитные бродяги

    Status: Online
    Address: 91.211.117.26
    Port: 27017
    Password: None
    Votes: 906
    Type: css
    Game: cstrike
    Map: aim_map
    Players: 3 / 10
    Banners:
    MISSING OR INVALID SERVER ID
    Top Maps

    de_dust2_2x2
    on 4 servers

    awp_india
    on 2 servers

    gg_office_mini
    on 1 server

    deathrun_2h
    on 1 server

    cp_orange_x3_exe
    on 1 server

http://tf2.sloboda.net/?s=556#.V0C5qfmDFBc
