tech support 9

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Wednesday, 19 June 2013

Something evil on 205.234.139.169

Posted on 04:20 by Unknown


205.234.139.169 (Hostforweb, US) appears to be hosting a bunch of Java exploits being served up on subdomains of hacked GoDaddy domains. The malware looks like it is being served up in some sort of injection attack. Here are some example URLs of badness:

[donotclick]blog2.stefuraassociatesinc.com:6842/ServerAdministrator/keys/pairs/applet.jnlp[donotclick]blog2.stefuraassociatesinc.com:6842/
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in GoDaddy, Injection Attacks, Malware, Viruses | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Registered Express Corporation (RGTX) pump and dump spam
    It's taken me a few days to get around to this due to moving house, but here's a new pump-and-dump spam run promoting a stock Regist...
  • "CEO Portal Statements & Notices Event" spam / report_{DIGIT[12]}.exe
    This fake Wells Fargo email has a malicious attachment: Date:      Fri, 16 Aug 2013 09:51:17 -0500 [10:51:17 EDT]From:      Wells Fargo Even...
  • ACH file ID "999.107" has been processed successfully spam / www.fiscdp.com.airfare-ticketscheap.com
    This fake FISC ACH spam leads to malware on www.fiscdp.com.airfare-ticketscheap.com: Date:      Tue, 10 Sep 2013 17:05:49 +0530 [07:35:49 ED...
  • USPS spam / Label_ZFRLOADD5PGGZ0Z_USPS.zip
    This fake USPS spam has a malicious attachment: Date:      Tue, 15 Oct 2013 09:36:02 -0500 [10:36:02 EDT]From:      USPS Express Services [s...
  • StumbleUpon spam / drugstorepillstablets.ru
    This fake StumbleUpon spam is something new, it leads to a fake pharma site on drugstorepillstablets.ru: Date:      Mon, 4 Feb 2013 01:01:46...
  • "Support Center" spam / phticker.com
    Not malware this time, but this fake "Support Center" spam leads to a fake pharma site at phticker.com: Date:      Mon, 11 Feb 201...
  • inukjob.com fake job offer (also ineurojob.com and hollandsjob.com)
    This fake job offer from inukjob.com involves illegal money laundering, and it also seems that the scammers want to use your identity for ...
  • Dealerbid.co.uk "Quotation.zip" spam with malicious VBS script
    The website dealerbid.co.uk has been compromised and their servers hacked in order to send spam to their customer list. Something similar ha...
  • Fake Staples spam leads to malware on tootle.us
    This fake Staples spam leads to malware on a site called tootle.us: Date:      Wed, 2 Oct 2013 08:40:11 -0500 [09:40:11 EDT]From:      suppo...
  • Laughable advanced fee fraud scam promises $2.5
    Two-and-a-half bucks? I think I'll pass. From:     Mr Anthony Freed [johnewele12@cantv.net]Reply-to:     dhlcorriadeliveryservice@live.c...

Categories

  • .SU
  • 1&1
  • 419
  • ADP
  • Advanced Fee Fraud
  • Advertising
  • Adware
  • AICPA
  • Amazon
  • Amerika
  • Android
  • Anti-Virus Software
  • AOL
  • Apple
  • Aruba
  • Australia
  • Austria
  • BBB
  • Black Hat
  • Blackhole
  • Blogging
  • Botnet
  • Brazil
  • Bulgaria
  • Canada
  • Chile
  • China
  • CNN
  • Colombia
  • CookieBomb
  • Crime
  • CyberBunker
  • Data Breach
  • DHL
  • DOC
  • Domains
  • Dynamic DNS
  • eBay
  • Edis
  • eFax
  • Egypt
  • Emailmovers Ltd
  • Endurance International Group
  • Estonia
  • Evil Network
  • EXE-in-ZIP
  • Facebook
  • Fail
  • Fake Pharma
  • False Positive
  • FedEx
  • Finland
  • France
  • Gandi
  • Germany
  • GHOSTnet
  • GoDaddy
  • Google
  • Greece
  • Hacked sites
  • Hetzner
  • HMRC
  • Hosting
  • Hungary
  • India
  • Injection Attacks
  • Intergenia
  • INTUIT
  • Iran
  • IRS
  • Israel
  • Italy
  • Japan
  • Job Offer Scams
  • Joe Job
  • Jolly Works Hosting
  • Kelihos
  • Kenya
  • Korea
  • Latvia
  • Law
  • Leaseweb
  • LinkedIn
  • Linode
  • Lithuania
  • Lithunia
  • logol.ru
  • Macintosh
  • Magnitude
  • Malware
  • Mea Culpa
  • Microsoft
  • Moldova
  • Money Mule
  • Mongolia
  • NACHA
  • NATO
  • Netherlands
  • Neutrino
  • Nuclear Fallout Enterprises
  • OVH
  • Pakistan
  • Patches
  • PayPal
  • Philippines
  • Phishing
  • Phishtank
  • Phones
  • Pinterest
  • Pizza
  • Poland
  • Politics
  • Porn
  • PPI
  • Printer Spam
  • Privacy
  • Pump and Dump
  • Retro
  • Romania
  • RU:8080
  • Russia
  • Sally Gaskell
  • Scam
  • Scams
  • Senegal
  • Serbia
  • Serverius
  • Sidharth Shah
  • Simply Transit
  • Singapore
  • Slicehost
  • SMS
  • South Africa
  • Spain
  • Spam
  • Stupidity
  • Sweden
  • Sweet Orange
  • Switzerland
  • Syria
  • Taiwan
  • Telepests
  • Thailand
  • TheFirst-RU
  • ThreeScripts
  • Tor
  • Turkey
  • UAE
  • UK2.NET
  • Ukraine
  • UPS
  • US Airways
  • USPS
  • VBScript
  • Virgin Media
  • Viruses
  • Waledac
  • Weather
  • Xeex
  • Yahoo
  • YouTube
  • Zbot
  • Zeus

Blog Archive

  • ▼  2013 (500)
    • ►  November (29)
    • ►  October (37)
    • ►  September (46)
    • ►  August (44)
    • ►  July (62)
    • ▼  June (42)
      • jConnect spam / FAX_281_3927981981_283.zip
      • OfficeWorld.com spam / sartorilaw.net
      • ADP spam / spanishafair.com
      • "Southwest Airlines Confirmation: KQR101" spam / m...
      • Something evil on 173.246.104.154
      • "Fiserv Secure Email Notification - TBTATU41DMJDT5...
      • Facebook spam / chinadollars.net
      • DanielMcClintic@hotmail.com fake job offer
      • www.public-trust.com false positive at Phishtank
      • julia.sailor@hotmail.com fake job offer
      • LexisNexis spam FAIL
      • "Unusual Visa card activity" spam / anygus.com
      • luntravel.com are a bunch of stupid spammers
      • ADP spam / planete-meuble-pikin.com
      • Moniker "Security Notice: Service-wide Password Re...
      • HP Spam / HP_Scan_06292013_398.zip FAIL
      • Something evil on 205.234.139.169
      • UPS Spam / rmacstolp.net
      • Something phishy on 92.48.75.214
      • Are OVH finally taking action against spammers?
      • NewEgg.com spam / profurnituree.com
      • Something evil on 85.214.64.153
      • HAIR / Biostem Pump and Dump rakes in the dollars
      • On 195.110.124.133
      • Yahoo! "We want you back" email mystery
      • "Scan from a Xerox WorkCentre" spam / Scan_0612201...
      • Fedex spam / oxfordxtg.net
      • Is this Guy a moron spammer?
      • Malware sites to block 12/6/13
      • BBB Spam / trleaart.net
      • Amazon.com spam / goldcoinvault.com
      • Something evil on 173.255.213.171
      • Wells Fargo spam / Important WellsFargo Doc.exe / ...
      • "PAYVE - Remit file" spam / CD0607213.389710762910...
      • BBB spam / pnpnews.net
      • Malware sites to block 7/6/13
      • USPS spam / USPS_Label_861337597092.zip
      • NatPay "Transmission Confirmation" spam / usforclo...
      • Innex, Inc fake spam
      • rxlogs.net: spam or Joe Job?
      • More Champions Club Community spam
      • "Fiserv Secure Email Notification" spam with an en...
    • ►  May (39)
    • ►  April (67)
    • ►  March (67)
    • ►  February (60)
    • ►  January (7)
Powered by Blogger.

About Me

Unknown
View my complete profile