Dynamoo's Blog

Malware, spam, scams and random stuff, by Conrad Longmore.

Tuesday, 24 November 2020

Websites owned by Philip John Sabin and associated companies

Apropos of nothing, all these websites are hosted on 212.230.207.100 to 213.230.207.109 (Netcalibre, UK) and appear to be owned and controll...

Monday, 18 March 2019

"Central Intelligence Agency - Case #79238516" extortion spam

I've seen various extortion spams over the past 12 months or so, but this one has a particularly vicious twist. If you haven't s...

Tuesday, 22 May 2018

Phishing and fraudulent sites hosted on 188.241.58.60 (Qhoster)

Nigerian registrants. Dodgy Eastern European host offering bulletproof and anonymous hosting. Yup, I very much doubt there is anything le...

Thursday, 10 May 2018

Malware spam: "New documents available for download" / service@barclaysdownloads.co.uk / barclaysdownloads.com

This fake Barclays spam seems to lead to the Trickbot banking trojan. From : Barclays [service@barclaysdownloads.co.uk] Date : 10...

Friday, 4 May 2018

"Best porno ever" Necurs spam

This spam (apparently from the Necurs botnet) promises much, but seems not to deliver. From: Susanne@victimdomain.tld [Susanne@victi...

Sunday, 1 April 2018

New Traffic Light Protocol (TLP) levels for 2018

The Traffic Light Protocol should be familiar to anyone working with sensitive data, with levels RED, AMBER, GREEN and WHITE being used to ...

Thursday, 8 March 2018

"Faster payment" scam is not quite what it seems

I see a lot of "fake boss" fraud emails in my day job, but it's rare that I see them sent to my personal email address. Thes...

Monday, 15 January 2018

Swisscoin [SIC] cryptocurrency spam

Swisscoin is a fairly low-volume self-styled cryptocurrency that has been the target of a Necurs-based spam run starting on Saturday 13th ...

Monday, 4 December 2017

Some random thoughts on Damian Green and those porn allegations

If you live in the UK then you might have noticed the somewhat bizarre furore over Damian Green MP and his alleged viewing of pornography ...

Tuesday, 31 October 2017

Bogus porn blackmail attempt from adulthehappytimes.com

This summary is not available. Please click here to view the post.

Wednesday, 25 October 2017

Updated 3NT Solutions LLP / inferno.name / V3Servers.net IP ranges

[For the February 2021 version of this list, click here ] When I was investigating IOCs for the recent outbreak of BadRabbit ransomware I...

Tuesday, 24 October 2017

Malware spam: "Order acknowledgement for BEPO/N1/380006006(2)"

A change to the usual Necurs rubbish, this fake order has a malformed .z archive file which contains a malicious executable with an icon t...

Tuesday, 17 October 2017

Evil network: Fast Serv Inc / Qhoster.com

Checking these IOCs for this latest Flash 0-day came up with an interesting IP address of 89.45.67.107 which belongs to Fast Serv Inc ak...

Sunday, 8 October 2017

Scam: "Help Your Child To Be A Professional Footballer." / info@champ-footballacademyagency.co.uk

This spam email is a scam: Subject : Help Your Child To Be A Professional Footballer. From : "FC Academy" [csa@sa...

View web version

Powered by Blogger.