tech support 9

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Tuesday, 5 March 2013

Something evil on 5.9.196.3 and 5.9.196.6

Posted on 06:21 by Unknown


Two IPs in the 5.9.196.0/28 block that you probably want to avoid are 5.9.196.3 and 5.9.196.6. The first of these IPs is being used in an injection attack (in this case via [donotclick]frasselt-kalorama.nl/relay.php) leading to two identified malware landing pages:

[donotclick]kisielius.surfwing.me/world/explode_conscious-scandal.jar (report here)
[donotclick]
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in Hetzner, Injection Attacks, Malware, Viruses | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Registered Express Corporation (RGTX) pump and dump spam
    It's taken me a few days to get around to this due to moving house, but here's a new pump-and-dump spam run promoting a stock Regist...
  • "CEO Portal Statements & Notices Event" spam / report_{DIGIT[12]}.exe
    This fake Wells Fargo email has a malicious attachment: Date:      Fri, 16 Aug 2013 09:51:17 -0500 [10:51:17 EDT]From:      Wells Fargo Even...
  • ACH file ID "999.107" has been processed successfully spam / www.fiscdp.com.airfare-ticketscheap.com
    This fake FISC ACH spam leads to malware on www.fiscdp.com.airfare-ticketscheap.com: Date:      Tue, 10 Sep 2013 17:05:49 +0530 [07:35:49 ED...
  • USPS spam / Label_ZFRLOADD5PGGZ0Z_USPS.zip
    This fake USPS spam has a malicious attachment: Date:      Tue, 15 Oct 2013 09:36:02 -0500 [10:36:02 EDT]From:      USPS Express Services [s...
  • StumbleUpon spam / drugstorepillstablets.ru
    This fake StumbleUpon spam is something new, it leads to a fake pharma site on drugstorepillstablets.ru: Date:      Mon, 4 Feb 2013 01:01:46...
  • "Support Center" spam / phticker.com
    Not malware this time, but this fake "Support Center" spam leads to a fake pharma site at phticker.com: Date:      Mon, 11 Feb 201...
  • inukjob.com fake job offer (also ineurojob.com and hollandsjob.com)
    This fake job offer from inukjob.com involves illegal money laundering, and it also seems that the scammers want to use your identity for ...
  • Dealerbid.co.uk "Quotation.zip" spam with malicious VBS script
    The website dealerbid.co.uk has been compromised and their servers hacked in order to send spam to their customer list. Something similar ha...
  • Fake Staples spam leads to malware on tootle.us
    This fake Staples spam leads to malware on a site called tootle.us: Date:      Wed, 2 Oct 2013 08:40:11 -0500 [09:40:11 EDT]From:      suppo...
  • Laughable advanced fee fraud scam promises $2.5
    Two-and-a-half bucks? I think I'll pass. From:     Mr Anthony Freed [johnewele12@cantv.net]Reply-to:     dhlcorriadeliveryservice@live.c...

Categories

  • .SU
  • 1&1
  • 419
  • ADP
  • Advanced Fee Fraud
  • Advertising
  • Adware
  • AICPA
  • Amazon
  • Amerika
  • Android
  • Anti-Virus Software
  • AOL
  • Apple
  • Aruba
  • Australia
  • Austria
  • BBB
  • Black Hat
  • Blackhole
  • Blogging
  • Botnet
  • Brazil
  • Bulgaria
  • Canada
  • Chile
  • China
  • CNN
  • Colombia
  • CookieBomb
  • Crime
  • CyberBunker
  • Data Breach
  • DHL
  • DOC
  • Domains
  • Dynamic DNS
  • eBay
  • Edis
  • eFax
  • Egypt
  • Emailmovers Ltd
  • Endurance International Group
  • Estonia
  • Evil Network
  • EXE-in-ZIP
  • Facebook
  • Fail
  • Fake Pharma
  • False Positive
  • FedEx
  • Finland
  • France
  • Gandi
  • Germany
  • GHOSTnet
  • GoDaddy
  • Google
  • Greece
  • Hacked sites
  • Hetzner
  • HMRC
  • Hosting
  • Hungary
  • India
  • Injection Attacks
  • Intergenia
  • INTUIT
  • Iran
  • IRS
  • Israel
  • Italy
  • Japan
  • Job Offer Scams
  • Joe Job
  • Jolly Works Hosting
  • Kelihos
  • Kenya
  • Korea
  • Latvia
  • Law
  • Leaseweb
  • LinkedIn
  • Linode
  • Lithuania
  • Lithunia
  • logol.ru
  • Macintosh
  • Magnitude
  • Malware
  • Mea Culpa
  • Microsoft
  • Moldova
  • Money Mule
  • Mongolia
  • NACHA
  • NATO
  • Netherlands
  • Neutrino
  • Nuclear Fallout Enterprises
  • OVH
  • Pakistan
  • Patches
  • PayPal
  • Philippines
  • Phishing
  • Phishtank
  • Phones
  • Pinterest
  • Pizza
  • Poland
  • Politics
  • Porn
  • PPI
  • Printer Spam
  • Privacy
  • Pump and Dump
  • Retro
  • Romania
  • RU:8080
  • Russia
  • Sally Gaskell
  • Scam
  • Scams
  • Senegal
  • Serbia
  • Serverius
  • Sidharth Shah
  • Simply Transit
  • Singapore
  • Slicehost
  • SMS
  • South Africa
  • Spain
  • Spam
  • Stupidity
  • Sweden
  • Sweet Orange
  • Switzerland
  • Syria
  • Taiwan
  • Telepests
  • Thailand
  • TheFirst-RU
  • ThreeScripts
  • Tor
  • Turkey
  • UAE
  • UK2.NET
  • Ukraine
  • UPS
  • US Airways
  • USPS
  • VBScript
  • Virgin Media
  • Viruses
  • Waledac
  • Weather
  • Xeex
  • Yahoo
  • YouTube
  • Zbot
  • Zeus

Blog Archive

  • ▼  2013 (500)
    • ►  November (29)
    • ►  October (37)
    • ►  September (46)
    • ►  August (44)
    • ►  July (62)
    • ►  June (42)
    • ►  May (39)
    • ►  April (67)
    • ▼  March (67)
      • "Please respond - overdue payment" spam / INVOICE_...
      • ADP Spam / ipiniadto.ru
      • Facebook spam / ipiniadto.ru
      • Changelog spam / Changelog_Urgent_N992.doc.exe
      • "Scan from a Xerox W. Pro" spam / ilianorkin.ru
      • NACHA spam / mgithessia.biz
      • "British Airways E-ticket receipts" spam / illumin...
      • "NY TRAFFIC TICKET" spam / hondatravel.ru
      • Wire Transfer spam / hondatravel.ru
      • UPS spam / Label_8827712794.zip
      • eFax Corporate spam / hjuiopsdbgp.ru
      • DHL Spam / LABEL-ID-NY26032013-GFK73.zip
      • NACHA spam / breathtakingundistinguished.biz
      • "Copies of policies" spam / heepsteronst.ru
      • "Scan from a HP ScanJet" spam / humaniopa.ru
      • "Bank of America" spam / PAYMENT RECEIPT 25-03-201...
      • contactemaillists.com / Contact Email Lists / Sall...
      • "Champions Club Community" / championsclubcommunit...
      • Changelog spam / hohohomaza.ru
      • Wire Transfer spam / dataprocessingservice-alerts.com
      • Zendesk "An important notice about security" spam ...
      • Changelog spam / hillairusbomges.ru
      • Facebook spam / scriptuserreported.org
      • "Data Processing Service" spam / airtrantran.com
      • NACHA spam / encodeshole.org
      • "Scan from a Hewlett-Packard ScanJet" spam / hilla...
      • "End of Aug. Statement" spam / hifnsiiip.ru
      • USPS Spam / himalayaori.ru
      • Malware spam: "Opinion: Cyprus banks shut extended...
      • Facebook spam / heelicotper.ru
      • Squeak Data / squeakdata.com spam
      • "End of Aug. Statement Reqiured" spam / hiskintako.ru
      • Malware spam "New Pope Sued For Not Wearing Seat B...
      • LinkedIn spam / applockrapidfire.biz
      • FOG RANT: turn your lights on!
      • ADP Package Delivery Confirmation spam / pictureso...
      • RU:8080 Malware sites to block 15/3/13
      • Samsung Galaxy S4
      • Brian Krebs gets SWATted
      • LinkedIn spam / teenlocal.net
      • "Efax Corporate" spam / gimiinfinfal.ru
      • "Copies of policies" spam / giimiiifo.ru
      • "Wapiti Lease Corporation" spam / giminaaaao.ru
      • Zbot sites to block 13/3/13
      • "End of Aug. Stat. Required" spam / giminkfjol.ru
      • Wire Transfer spam / giminanvok.ru
      • Wire Transfer spam / gimikalno.ru
      • Sidharth Shah / OVH / itechline.com
      • Something evil on 176.31.140.64/28
      • Something evil on 37.59.214.0/28
      • RU:8080 and Amerika spam runs
      • AT&T spam (again)
      • LinkedIn spam / giminalso.ru
      • "Your tax return appeal is declined" / gimilako.ru
      • Adobe CS4 spam / guuderia.ru
      • Malware sites to block 7/3/13
      • BBB Spam / alteshotel.net and bbb-accredited.net
      • Pizza spam / gimalayad.ru
      • BT Business Direct Order Spam / ginagion.ru
      • Sendspace spam / forumkianko.ru
      • "Scan from a Hewlett-Packard ScanJet" spam / gilia...
      • Something evil on 5.9.196.3 and 5.9.196.6
      • "British Airways E-ticket receipts" spam / forum-l...
      • dealerbid.co.uk spam
      • eFax spam / forumla.ru
      • Delta Airlines spam / inanimateweaknesses.net and ...
      • Casino-themed Blackhole sites
    • ►  February (60)
    • ►  January (7)
Powered by Blogger.

About Me

Unknown
View my complete profile