On Fri, 2009-06-19 at 00:28 +0200, Benny Pedersen wrote:
> On Fri, June 19, 2009 00:22, Yet Another Ninja wrote:
>
> > w-crook.com.ar.multi.uribl.com has address 127.0.0.2
> > w-crook.com.ar.multi.surbl.org has address 127.0.0.46
>
> it now makes sense with ttl in 300 sec :)
>
> but if I get time
On 6/19/2009 12:28 AM, Benny Pedersen wrote:
> On Fri, June 19, 2009 00:22, Yet Another Ninja wrote:
> > w-crook.com.ar.multi.uribl.com has address 127.0.0.2
> > w-crook.com.ar.multi.surbl.org has address 127.0.0.46
> it now makes sense with ttl in 300 sec :)
I've been told it was detected on 2009-06-17
On Fri, June 19, 2009 00:22, Yet Another Ninja wrote:
> w-crook.com.ar.multi.uribl.com has address 127.0.0.2
> w-crook.com.ar.multi.surbl.org has address 127.0.0.46
it now makes sense with ttl in 300 sec :)
but if I get time, I would make meta rules to spot the phish sometime
is the exe even de
On 6/19/2009 12:10 AM, Benny Pedersen wrote:
> On Thu, June 18, 2009 23:53, fchan wrote:
> > http://pastebin.ca/1465411
> make a meta rule for line 24 25 35
> solved
> I would like to hold your credit card for a moment, and you would like to
> download phishing report in an exe file? :)
???
w-crook.c
On Thu, June 18, 2009 23:53, fchan wrote:
> http://pastebin.ca/1465411
make a meta rule for line 24 25 35
solved
I would like to hold your credit card for a moment, and you would like to
download phishing report in an exe file? :)
--
xpoint
On 6/18/2009 11:53 PM, fchan wrote:
> I was doing some reading of spam mail to feed sa-learn and found this
> message with this interesting phished domain name. At least they told me
> who they were:
> http://pastebin.ca/1465411
URI pointed to malware
site has been suspended
a toast to W3-Server