March 2012 - Posts

Dear HP… that really isn’t a very helpful dialogue box…

Just saying…

The only way to get rid of the darned thing is to fire up Task Manager and shut down the HPWUCli.exe process (sigh)

Posted by sandi with 1 comment(s)

Bigpond phish

This email is NOT from Bigpond.

Interestingly, it seems to have been sent to the @bigpond.com email recipient using a compromised @bigpond.com user account.

The source IP address, 180.215.155.152, is in India.

If you reply to the email, your email actually goes to webaccountdept@w.cn:

w.cn is registered to Xiamen Yi Network Technology Co., Ltd.

The email that I received is dated 22 February 2012; as at 4 March 2012 they were still being seen.

The same reply to address is also being used for a Lottery Scam email.
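The header checks described in this post (a Reply-To that leaves the sender's domain, and the source IP in the Received chain) can be automated for mail triage. The following is an added example, not part of the original post; the sample message is constructed and the function names are assumptions.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample: the Reply-To address, the @bigpond.com sender domain, the
# source IP and the date come from the post; all other values are invented.
SAMPLE = """\
Received: from mail.example.net (unknown [180.215.155.152])
\tby mx.example.net with ESMTP; Wed, 22 Feb 2012 10:00:00 +1100
From: "Bigpond" <someuser@bigpond.com>
Reply-To: webaccountdept@w.cn
To: recipient@bigpond.com
Subject: Account notice (constructed)

Constructed body.
"""

IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()


def triage(raw_message):
    """Summarise the header indicators the post walks through."""
    msg = email.message_from_string(raw_message)
    from_domain = domain_of(msg["From"])
    reply_domain = domain_of(msg["Reply-To"])
    # Replies leave the sender's domain when Reply-To is set to a domain that
    # is neither the From domain nor one of its subdomains.
    mismatch = bool(reply_domain) and not (
        reply_domain == from_domain or reply_domain.endswith("." + from_domain)
    )
    # The bottom-most Received header is the earliest hop. Headers below your
    # own mail server's entry can be forged, so treat the IP as a lead only.
    received = msg.get_all("Received") or []
    match = IPV4_IN_BRACKETS.search(received[-1]) if received else None
    return {
        "from_domain": from_domain,
        "reply_to_domain": reply_domain,
        "reply_to_mismatch": mismatch,
        "origin_ip": match.group(1) if match else None,
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```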

Lots of bad domains…

Thank you to the source – you know who you are :)

Posted by sandi with 2 comment(s)

Impersonator domain - RepEquityinc.com

RepEquityinc.com – reported as impersonating the legitimate domain RepEquity.com and claiming to represent RealtyTrac

ICANN Registrar: BIZCN.COM
Created 2 March 2012
IP: 64.120.234.197

Registrant: Fern Tindell (admin@repequityinc.com)

Sharing IP address with 9 other domains: 1285.ru, blackseoworld.com, canstansa.com, earthclassmail-corporate.com, legalsklad.com, mansuetocorp.com, virtualpostmail.net, vvsmail.com, wbshop.biz

Provided the following impersonator domains as references:

sinclairgroup.us

ICANN Registrar: TODAYNIC.COM
Created 5 March 2012
IP: 64.120.234.196

Registrant: Sinclair Broadcast Group, Inc (web@sinclairgroup.us)

lnnetwork.com

ICANN Registrar: TODAYNIC.COM
Created 5 March 2012
IP: 64.120.234.195

Registrant: Live Nation Worldwide (dns@livenation.com)

zyngaincorporated.com

ICANN Registrar: BIZCN.COM
Created 7 March 2012
IP: loopback (127.0.0.2)

Registrant: Idea Engineering Inc (admin@dnstination.com)

Posted by sandi with no comments

Reported as being used for malvertizing - metsotr.com

metsotr.com

ICANN Registrar: BIZCN.COM
Created 19 March 2012
IP: 85.93.18.205

Registrant: Alfred Steele (1@contrackcrt.com)

Shares IP with contrackcrt.com

ICANN Registrar: BIZCN.COM

Created 19 March 2012

Registrant: Alfred Steele (1@contrackcrt.com)

Posted by sandi with no comments

Reported as being used for malvertizing - adsturn.com

adsturn.com

Note: do not confuse with the legitimate domain ads.turn.com

ICANN Registrar: TODAYNIC.COM
IP: 85.93.18.198
Created 9 March 2012

Registrant: Michael V Simpson (michaelvsimpson@gmail.com)

Some digging brings up interclickctr.com sharing the same IP address:

ICANN Registrar: BIZCN.COM
Created 9 March 2012

Registrant: INST Ads (cpmtrack@cpmtrack.net)

cpmtrack.net

ICANN Registrar: BIZCN.COM
Created 9 March 2012

Registrant: INST Ads (cpmtrack@cpmtrack.net)

Posted by sandi with no comments

Reported as being used for malvertizing - daviselenserver.com

daviselenserver.com

ICANN Registrar: BIZCN.COM
Created 7 March 2012
IP: 85.93.18.201

Registrant: Davis Elen Advertising (admin@daviselenmedia.com)

Note: This domain is reported as attempting to impersonate the legitimate domain daviselen.com

Shares IP with convertro.net and dlopenx.com

dlopenx.com is of particular interest, bearing in mind the potential for impersonating legitimate openx domains.

ICANN Registrar: BIZCN.COM
Created 7 March 2012

Registrant: Davis Elen Advertising (admin@daviselenmedia.com)

Posted by sandi with no comments

Reported as being used in malvertizing - adpointroll.com

NOTE: Do not confuse with the legitimate ad.pointroll.com

Bad domain: adpointroll.com

ICANN Registrar: BIZCN.COM
Created 8 March 2012
IP: 72.8.150.30

Registrant: Pointroll (jacksosomands@statip.net)

Note the similarity to the registrant email of best-serving.com mentioned here.

Shares IP with 515 domains.
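Several posts on this page warn against confusing a bad domain with a legitimate host (adsturn.com vs ads.turn.com, adpointroll.com vs ad.pointroll.com, RepEquityinc.com vs RepEquity.com, daviselenserver.com vs daviselen.com). The following added example, which is not part of the original posts, flags those two patterns against an allow-list; the function names and the naive one-label TLD handling are assumptions.

```python
# Legitimate hostnames named in the posts on this page.
LEGITIMATE = ["ads.turn.com", "ad.pointroll.com", "repequity.com", "daviselen.com"]


def registered(host):
    """Naive registered domain (last two labels); assumes a one-label TLD."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def squash(host):
    """Drop the TLD, then dots and hyphens: 'ads.turn.com' -> 'adsturn'."""
    labels = host.lower().rstrip(".").split(".")
    return "".join(labels[:-1]).replace("-", "")


def classify(candidate, legitimate=LEGITIMATE):
    """Return (pattern, legitimate_host) for a look-alike, else None."""
    cand_registered = registered(candidate)
    # A host under a legitimate registered domain is not an impersonation.
    if any(cand_registered == registered(legit) for legit in legitimate):
        return None
    cand_key = squash(cand_registered)
    for legit in legitimate:
        key = squash(legit)
        if cand_key == key:
            # The dots of the real hostname were removed to form a new domain.
            return ("dot-collapse", legit)
        if cand_key.startswith(key):
            # The real name with a word appended ('inc', 'server', ...).
            return ("brand-plus-suffix", legit)
    return None


if __name__ == "__main__":
    # Domains taken from the posts, plus one constructed benign domain.
    for name in ["adsturn.com", "adpointroll.com", "RepEquityinc.com",
                 "daviselenserver.com", "ads.turn.com", "example.org"]:
        print(name, "->", classify(name))
```

Prefix matching on very short brand names will produce false positives, so an alert from this check is a prompt to look at the registration record, not a verdict.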

Posted by sandi with no comments

Reported as being used in malvertizing - cpmstatalpha.com

cpmstatalpha.com

ICANN Registrar: TODAYNIC.COM
Created 9 March 2012
IP: 85.93.18.202

Registrant: Michael P Eaton (michaelpeatonin@gmail.com)

Shares IP with best-serving.com

ICANN Registrar: BIZCN.COM
Created 14 March 2012

Registrant: Best Serving, Hazel Cooper (jacksosomands@gmail.com)

Posted by sandi with no comments

Please treat OrangeStarAdvertising.com with extreme caution

OrangeStarAdvertising.com

ICANN Registrar: TODAYNIC.COM
Created 26 January 2012
IP: 64.120.234.195

Registrant: Oralia L. Bouie (admin@orangestaradvertising.com)

Sharing IP at time of writing with 17003.org and Innetwork.com

Posted by sandi with no comments

You don’t want to open that attachment… seriously…

Don’t open the attachment, ok?

“Your bought ticket is attached to the letter as a scan document (Internet Exlporer File)…”  {love the mis-spelling}
