wkitty42 at ...14940...
Tue Jan 29 16:10:34 EST 2013
On 1/29/2013 15:02, Jeff Jarmoc wrote:
> Obfuscated redirect to hxxp://www.news.com.december.bestdrops.2012.fxsprime<dot>com
yeah, i don't know what they are doing, either, but i've seen quite a few of
these types of postings... they are easily recognized by their subject line
containing only "Fwd:" and nothing else...
i'm suspecting that they might be looking for specific connections to facilitate
infectious processes... "they" are getting smarter and narrowing their targets
which also assists them in avoiding researchers from determining what they are
doing and how they are doing it :?
> That site in turn gives a 302 to pinterest. Weird that it doesn't seem to do
> anything; maybe it's fingerprinting browsers?
> HTTP/1.1 302 Moved Temporarily
> Server: nginx/1.2.6
> Date: Tue, 29 Jan 2013 20:00:11 GMT
> Content-Type: text/html
> Content-Length: 160
> Connection: keep-alive
> Location: hxxp://www.pinterest.com/
> P3P: CP="CAO COR CURa ADMa DEVa OUR IND ONL COM DEM PRE"
> On Tue, Jan 29, 2013 at 1:51 PM, Brad Turnbough <brad.turnbough at ...11827...> wrote:
> hxxp://www.ceccarinisrl.com/h7x1u4.php