220 0 <qH76F.2207$845.363@fx19.fr7> article
Path: ...!news.unit0.net!peer02.am4!peer.am4.highwinds-media.com!peer02.fr7!futter-mich.highwinds-media.com!news.highwinds-media.com!fx19.fr7.POSTED!not-for-mail
Subject: Re: Malware WAS detected on the Tekrider site (Screenshot PROOF!)
Newsgroups: alt.computer.workshop,uk.comp.sys.mac,rec.photo.digital
References: <YJH4F.3$S25.0@fx29.fr7>
 <65-dnTRBRrgU0s7AnZ2dnUU7-fXNnZ2d@giganews.com> <%LO4F.5$x57.2@fx10.fr7>
 <0001HW.2304EE7402B1F460700005DB838F@news.supernews.com>
 <rK75F.1761$it5.449@fx12.fr7>
 <0001HW.2305748C02D1623B70000FFCF38F@news.supernews.com>
 <rRf5F.17$845.8@fx19.fr7>
 <0001HW.2306E21E032710F770000C1DF38F@news.supernews.com>
 <qj6kip$k66$1@gioia.aioe.org> <cuD5F.20$845.8@fx19.fr7>
 <qj93g7$vnf$1@dont-email.me> <%wU5F.4003$x57.95@fx10.fr7>
 <qj9mj8$4lk$1@gioia.aioe.org> <Aa_5F.1930$SK1.831@fx22.fr7>
 <qj9sa4$287$2@dont-email.me> <JF_5F.4255$it5.782@fx12.fr7>
 <qj9tt3$hl7$1@dont-email.me> <M7%5F.87613$3s7.55117@fx01.fr7>
 <ma%5F.87614$3s7.65668@fx01.fr7> <qja2dv$80f$1@dont-email.me>
 <F976F.3264$SK1.2882@fx22.fr7> <vf76F.3381$SK1.576@fx22.fr7>
From: ~BD~ <dgb@nomail.invalid>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0)
 Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <vf76F.3381$SK1.576@fx22.fr7>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Lines: 74
Message-ID: <qH76F.2207$845.363@fx19.fr7>
X-Complaints-To: abuse@blocknews.net
NNTP-Posting-Date: Sun, 18 Aug 2019 08:07:50 UTC
Organization: blocknews - www.blocknews.net
Date: Sun, 18 Aug 2019 09:07:49 +0100
X-Received-Bytes: 4111
X-Received-Body-CRC: 4128906125

On 18/08/2019 08:38, ~BD~ wrote:
> On 18/08/2019 08:31, ~BD~ wrote:
>> On 18/08/2019 00:25, Beauregard T. Shagnasty wrote:
>>> ~BD~ The Liar of Devon wrote:
>>>
>>>> On 17/08/2019 23:23, ~BD~ wrote:
>>>>> On 17/08/2019 23:08, Beauregard T. Shagnasty wrote:
>>>>>> Tell him yourself.
>>>>>
>>>>> No. I prefer not to respond to 'SHADOW' who includes 'THAT' link
>>>>> deliberately so that I WON'T respond to him! He's a *LUZER*!
>>>
>>> The only luzer in this newsgroup is you.
>>
>> False
>>
>>>>> Here's that item again - the item that was *found by scanning YOUR
>>>>> website*. Different format this time!
>>>>
>>>> https://www.dropbox.com/s/hyh9yiwi9u3ubno/BT%20Web%20Protect%20warning%
>>> 20%2012%20June%202017.tiff?dl=0
>>>>
>>>>> Try, just once more, to explain away how your website wasn't
>>>>> DELIBERATELY redirecting folk to nasty places on the Internet.
>>>>> There are many more folk listening in now. Go ahead - the floor is
>>>>> yours!
>>>>
>>>> Oops!
>>>
>>> I have no idea what you are talking about. You didn't post anything 
>>> about
>>> *my* website. I have nothing to do with any ".cc" sites. ".cc" is the 
>>> tld
>>> for: "eNIC Cocos (Keeling) Islands Pty. Ltd. d/b/a Island Internet
>>> Services".
>>
>> Shirley you haven't forgotten?
>>
>> Here it is again:-  https://i.imgur.com/JCa39b8.jpg
>>
>> Javascript *WAS* found - on *YOUR* website.
>>
>> This image has not been 'doctored' in any way (Pun intended!) no 
>> matter WHAT 'Shadow' may claim!!!
>>
>> PS  The link is *SAFE* 
>> https://www.virustotal.com/gui/url/43b19f15087722b8fdaf86e9cf81c5fcbcdaf662b6eb489386ec6ecd148b1ace/detection 
> 
> 
> 
> *Web scripts can silently rewrite that URL* – and throw you into an 
> internet wormhole!
> 
> By Thomas Claburn in San Francisco 15 Aug 2019 at 07:08

Oops! I forgot to mention .....

That wasn't the only warning I determined:- See 
https://i.imgur.com/XKNs48x.jpg

That link shows a report finding I obtained from MX Toolbox 
https://mxtoolbox.com/AboutUs.aspx

I don't BLAME Bts, the owner of the site. Anyone running a web site is 
subject to it being contaminated by the work of 'bad guys'. My only 
gripe is that Bts blames the tools I used instead of admitting that, in 
spite of half a million miles in IT, he STILL got hacked! ;-)

www.tekrider.net appeared to be 'clean' the last time I checked it. That 
is GOOD news! :-D

-- 
David B.
Devon