tech support 9

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Tuesday, 23 April 2013

Something evil on 173.246.104.104

Posted on 08:33 by Unknown


173.246.104.104 (Gandi, US) popped up on my radar after a malvertising attack apparently utilising a hacked OpenX server (I'm not 100% which one so I won't name names) and leading to a payload on [donotclick]laserlipoplasticsurgeon.com/news/pint_excluded.php (report here).

Both VirusTotal and  URLquery detect multiple malicious domains on this IP. It appears that the domains were originally
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in Blackhole, Gandi, Malware, Spam, Viruses | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Registered Express Corporation (RGTX) pump and dump spam
    It's taken me a few days to get around to this due to moving house, but here's a new pump-and-dump spam run promoting a stock Regist...
  • "CEO Portal Statements & Notices Event" spam / report_{DIGIT[12]}.exe
    This fake Wells Fargo email has a malicious attachment: Date:      Fri, 16 Aug 2013 09:51:17 -0500 [10:51:17 EDT]From:      Wells Fargo Even...
  • ACH file ID "999.107" has been processed successfully spam / www.fiscdp.com.airfare-ticketscheap.com
    This fake FISC ACH spam leads to malware on www.fiscdp.com.airfare-ticketscheap.com: Date:      Tue, 10 Sep 2013 17:05:49 +0530 [07:35:49 ED...
  • USPS spam / Label_ZFRLOADD5PGGZ0Z_USPS.zip
    This fake USPS spam has a malicious attachment: Date:      Tue, 15 Oct 2013 09:36:02 -0500 [10:36:02 EDT]From:      USPS Express Services [s...
  • StumbleUpon spam / drugstorepillstablets.ru
    This fake StumbleUpon spam is something new, it leads to a fake pharma site on drugstorepillstablets.ru: Date:      Mon, 4 Feb 2013 01:01:46...
  • "Support Center" spam / phticker.com
    Not malware this time, but this fake "Support Center" spam leads to a fake pharma site at phticker.com: Date:      Mon, 11 Feb 201...
  • inukjob.com fake job offer (also ineurojob.com and hollandsjob.com)
    This fake job offer from inukjob.com involves illegal money laundering, and it also seems that the scammers want to use your identity for ...
  • Dealerbid.co.uk "Quotation.zip" spam with malicious VBS script
    The website dealerbid.co.uk has been compromised and their servers hacked in order to send spam to their customer list. Something similar ha...
  • Fake Staples spam leads to malware on tootle.us
    This fake Staples spam leads to malware on a site called tootle.us: Date:      Wed, 2 Oct 2013 08:40:11 -0500 [09:40:11 EDT]From:      suppo...
  • Laughable advanced fee fraud scam promises $2.5
    Two-and-a-half bucks? I think I'll pass. From:     Mr Anthony Freed [johnewele12@cantv.net]Reply-to:     dhlcorriadeliveryservice@live.c...

Categories

  • .SU
  • 1&1
  • 419
  • ADP
  • Advanced Fee Fraud
  • Advertising
  • Adware
  • AICPA
  • Amazon
  • Amerika
  • Android
  • Anti-Virus Software
  • AOL
  • Apple
  • Aruba
  • Australia
  • Austria
  • BBB
  • Black Hat
  • Blackhole
  • Blogging
  • Botnet
  • Brazil
  • Bulgaria
  • Canada
  • Chile
  • China
  • CNN
  • Colombia
  • CookieBomb
  • Crime
  • CyberBunker
  • Data Breach
  • DHL
  • DOC
  • Domains
  • Dynamic DNS
  • eBay
  • Edis
  • eFax
  • Egypt
  • Emailmovers Ltd
  • Endurance International Group
  • Estonia
  • Evil Network
  • EXE-in-ZIP
  • Facebook
  • Fail
  • Fake Pharma
  • False Positive
  • FedEx
  • Finland
  • France
  • Gandi
  • Germany
  • GHOSTnet
  • GoDaddy
  • Google
  • Greece
  • Hacked sites
  • Hetzner
  • HMRC
  • Hosting
  • Hungary
  • India
  • Injection Attacks
  • Intergenia
  • INTUIT
  • Iran
  • IRS
  • Israel
  • Italy
  • Japan
  • Job Offer Scams
  • Joe Job
  • Jolly Works Hosting
  • Kelihos
  • Kenya
  • Korea
  • Latvia
  • Law
  • Leaseweb
  • LinkedIn
  • Linode
  • Lithuania
  • Lithunia
  • logol.ru
  • Macintosh
  • Magnitude
  • Malware
  • Mea Culpa
  • Microsoft
  • Moldova
  • Money Mule
  • Mongolia
  • NACHA
  • NATO
  • Netherlands
  • Neutrino
  • Nuclear Fallout Enterprises
  • OVH
  • Pakistan
  • Patches
  • PayPal
  • Philippines
  • Phishing
  • Phishtank
  • Phones
  • Pinterest
  • Pizza
  • Poland
  • Politics
  • Porn
  • PPI
  • Printer Spam
  • Privacy
  • Pump and Dump
  • Retro
  • Romania
  • RU:8080
  • Russia
  • Sally Gaskell
  • Scam
  • Scams
  • Senegal
  • Serbia
  • Serverius
  • Sidharth Shah
  • Simply Transit
  • Singapore
  • Slicehost
  • SMS
  • South Africa
  • Spain
  • Spam
  • Stupidity
  • Sweden
  • Sweet Orange
  • Switzerland
  • Syria
  • Taiwan
  • Telepests
  • Thailand
  • TheFirst-RU
  • ThreeScripts
  • Tor
  • Turkey
  • UAE
  • UK2.NET
  • Ukraine
  • UPS
  • US Airways
  • USPS
  • VBScript
  • Virgin Media
  • Viruses
  • Waledac
  • Weather
  • Xeex
  • Yahoo
  • YouTube
  • Zbot
  • Zeus

Blog Archive

  • ▼  2013 (500)
    • ►  November (29)
    • ►  October (37)
    • ►  September (46)
    • ►  August (44)
    • ►  July (62)
    • ►  June (42)
    • ►  May (39)
    • ▼  April (67)
      • "Your Wire Transfer 82932922 canceled" spam / Paym...
      • Something evil on 96.126.108.132
      • "Requested Reset of Yoyr PayPal Password" spam / f...
      • Is CB3ROB a champion of free speech? Or a spammer?
      • Something evil on 199.71.212.122
      • Something evil on 193.107.16.213 / Ideal Solution Ltd
      • "USPS delivery failure report" spam / LABEL-ID-567...
      • RU:8080 timeline
      • The "Signature Strengths" (behaviourlibrary.com) f...
      • "Organ donation" spam
      • "New Secure Message" spam / pricesgettos.info
      • American Express spam / SecureMail.zip
      • Need a new PDP-11 or VAX?
      • Something evil on 151.248.123.170
      • "CareerBuilder Notification" spam / CB_Offer_04232...
      • Something evil on 173.246.104.104
      • DHL Spam / DHL-LABEL-ID-2456-8344-5362-5466.zip
      • "Loss Avoidance Alerts" spam / tempandhost.com
      • Malware sites to block 22/4/13
      • OVH WTF
      • American Express spam / CD0199381.434469398992.zip
      • Squeaky Data / squeakydata.co.uk spam
      • "Fertilizer Plant Explosion Near Waco, Texas" spam
      • Malware sites to block 18/4/13, revisited
      • West, Texas explosion: be on the lookout for malwa...
      • Malware sites to block 18/4/13
      • PayPal spam / dialupwily.org
      • CNN.com Boston Marathon spam / thesecondincomee.com
      • BBB Spam / freedblacks.net
      • BBB Spam / janariamko.ru
      • "Boston Marathon" spam / askmeaboutcctv.com
      • Disgraceful Arif Khan / Mak Media spam
      • "Fiserv Secure Email Notification" spam
      • MS13-036 buggy, withdrawn
      • UPS spam / juliamanako.ru
      • "Spotlite Radio" / spotliteradio2013.com spam
      • Changelog spam / juliaroberzs.ru
      • "Verizon Wireless" spam / jamtientop.ru
      • Congratulations! You are the one millionth visitor...
      • Malware sites to block 10/4/13 - part II
      • BBB Spam / jamiliean.ru
      • "Your credit line percent was changed" spam / judi...
      • Malware sites to block 10/4/13
      • ICANN: thanks for the malware spam / mailedspokesp...
      • Top porn sites lead to malware
      • Intuit spam / juhajuhaa.ru
      • LinkedIn spam / jonahgkio.ru
      • "Unable to process your most recent Bill Payment" ...
      • HP ScanJet spam / jundaio.ru
      • "Kissinger: Thatcher's strong beliefs" spam / ighj...
      • "M&I Bank bankruptcy" spam / ighjaooru.ru
      • Beware of jonejonesonley.org
      • Facebook "Reminder: Reset your password" spam / ac...
      • "Updated information" spam / accooma.org / classic...
      • "Copies of Policies" spam / ifikangloo.ru
      • "End of Aug. Statement" spam / ijsiokolo.ru
      • "Speech.doc" legal spam / itriopea.ru
      • "British Airways" spam / igionkialo.ru
      • "Bill Me Later" spam / PP_BillMeLater_Receipe04032...
      • "Have you seen how much money has Cameron spent on...
      • eFax spam / ivanikako.ru
      • Author Iain Banks has terminal cancer
      • Something evil on 151.248.123.170
      • And this is why people don't trust lawyers..
      • Sendspace spam / imbrigilia.ru
      • "End of Aug. Statement Required" spam / ivanovopos...
      • "Russian Hackers" spam / kidala.info / hack-sell.su
    • ►  March (67)
    • ►  February (60)
    • ►  January (7)
Powered by Blogger.

About Me

Unknown
View my complete profile