Sponsored by..

Showing posts with label Pinterest. Show all posts
Showing posts with label Pinterest. Show all posts

Tuesday 30 July 2013

"Your password on Pinterest was Successfully modified!" spam / onsayoga.net

This fake Pinterest spam leads to malware on onsayoga.net:

Date:      Tue, 30 Jul 2013 11:17:28 -0500 [12:17:28 EDT]
From:      Pinterest [caulksf8195@customercare.pinterrest.net]
Subject:      Your password on Pinterest was Successfully modified!

A Few Updates...
[redacted]
  
[redacted]  

Changing your password is complete. Please use the link below within 24 hours. reset. Receive New Password to email.
  
Ask for a New Password  
            
Pinterest is a tool for collecting and organizing things you love.

This email was sent to [redacted].
Don’t want activity notifications? Change your email preferences.

©2013 Pinterest, Inc. | All Rights Reserved
Privacy Policy | Terms and Conditions

The link goes through a legitimate hacked site and then on to [donotclick]www.pinterest.com.onsayoga.net/news/pinterest-paswword-changes.php (report here) which is hosted on the following IPs:
95.111.32.249 (Megalan EAD, Bulgaria)
122.128.109.46 (Ximbo / CPCnet, Hong Kong)
209.222.67.251 (Razor Inc, US)

These IPs are controlled by this gang and form part of this large network of malicious IPs and domains. I recommend you use that list in conjunction with blocking onsayoga.net.

Thursday 28 June 2012

Pinterest Spam / medicarewichi.com

Spammers will try anything.. this email pretends to be from Pinterest but it actually appears to lead to a fake pharma site at medicarewichi.com.

From: Pinterest [mailto:pinbot@pinterest.com]
Sent: 28 June 2012 14:41
Subject: New pins added

Hi!

    With millions of new pins added every week, we connecting people all over the world based on shared tastes and interests.        Explore pins   

©2012 Pinterest, Inc. | All Rights Reserved.
Privacy Policy | Terms and Conditions


The spamvertised site is hosted on 91.238.180.92 which looks like a cesspit of toxic sites and is probably best blocked.