Dynamoo's Blog

Malware, spam, scams and random stuff, by Conrad Longmore.

Thursday, 20 February 2014

Suspect Cushion redirect on 62.212.128.22

I'm not entirely sure of what the payload is, but there is an apparent cushion redirect running on 62.212.128.22 (XenoSite, Netherlan...
Wednesday, 19 February 2014

Somnath Bharti - porn site operator?

I seem to have written a lot about Somnath Bharti lately, and he's certainly a topic of interest in Indian politics. I'm not going ...
Tuesday, 18 February 2014

Eisenburg, Whitman & Associates LLC (eisenburgwhitmancca.com) fake testimonial

Eisenburg, Whitman & Associates LLC is meant to be some sort of Florida-based debt collector, although their website at eisenburgwhitma...
2 comments:

"Please look my CV" spam

This spam comes with a malicious payload: Date:      Mon, 17 Feb 2014 13:31:32 -0500 [02/17/14 13:31:32 EST] From:      My CV [arina672...
Monday, 17 February 2014

Fake Evernote "Image has been sent" spam with RU:8080 payload

I've known that the RU:8080 gang appears to have been back for a while, but I haven't had a lot of samples.. here's a new one ...
Sunday, 16 February 2014

"Account Credited" / TTCOPY.jar spam

This spam email comes with a malicious .JAR attachment: From:     Tariq Bashir muimran@giki.edu.pk Reply-To:     Tariq Bashir [ta.ba@ho...
Friday, 14 February 2014

Malware sites to block 14/2/14

This bunch of OVH Canada hosted nameserver and IP ranges are supporting malware distribution via the Nuclear Exploit Kit (as described her...
Wednesday, 12 February 2014

"Track shipments/FedEx" spam

This fake FedEx spam leads to malware: Date:      Wed, 12 Feb 2014 07:53:36 -0700 [09:53:36 EST] From:      FedEx [yama@rickyz.jp] Subj...

Malware (Neutrino EK?) sites to block 12/2/14

The following IPs and domains appear to be in use for spreading exploit kits via injection attacks - 108.178.7.118 (Singlehop, US) [1] [...

Video: Somnath Bharti's links to TopSites LLC


Articles on Somnath Bharti and TopSites LLC

You can find some of the history about TopSites LLC and Mr Bharti's involvement in my old "diary" articles written between 200...
Monday, 10 February 2014

81.4.106.132 / oochooch.com / 10qnbkh.xip.io

I don't like the look of this [urlquery], seems to be the payload site for some sort of injection attack. Might be worth blocklisting 8...
1 comment:

Evil .pw domains on 31.41.221.131 to 31.41.221.135

Thanks to Malekal for the heads up, the current batch of evil .pw domains that have been distributing malware appear to have shifted to t...
Saturday, 8 February 2014

Somnath Bharti's allwebhunt.com linked to pro-pedophilia sites

Delhi minister Somnath Bharti's allwebhunt.com site was linking to pro-pedophilia sites as late as 31st December 2013, according to Go...
4 comments:
Friday, 7 February 2014

Headlines Today (India): Somnath Bharti's spammer connection

I'm not sure what all this fascination is with Mr Bharti's alleged connections to porn.. I've never found any evidence that he h...

Somnath Bharti denies link to TopSites LLC in 2004

This is Somnath Bharti's denial of any involvement in TopSites LLC (explored here and in other posts). I believe that the evidence of ...

Something evil on 69.64.39.166

69.64.39.166 (Hosting Solutions International, US) appears to be hosting an exploit kit (possibly Fiesta) according to URLquery reports ...

"Authorization to Use Privately Owned Vehicle on State Business" spam

We've seen this particular type of malware-laden spam before.. Date:      Fri, 7 Feb 2014 17:08:16 +0700 [05:08:16 EST] From:      ...

rbs.co.uk "Important Docs" spam

This fake spam claiming to be from the Royal Bank of Scotland has a malicious attachment: Date:      Fri, 7 Feb 2014 15:44:19 +0530 [05...

I love Google's home page..

I love Google's home page today..