Snort mailing list archives

Re: Fwd:


From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 29 Jan 2013 16:10:34 -0500

On 1/29/2013 15:02, Jeff Jarmoc wrote:
> Obfuscated redirect to hxxp://www.news.com.december.bestdrops.2012.fxsprime<dot>com

yeah, i don't know what they are doing, either, but i've seen quite a few of 
these types of postings... they are easily recognized by their subject line 
containing only "Fwd:" and nothing else...

i'm suspecting that they might be looking for specific connections to facilitate 
infectious processes... "they" are getting smarter and narrowing their targets 
which also assists them in avoiding researchers from determining what they are 
doing and how they are doing it :?

> That site in turn gives a 302 to pinterest.  Weird that it doesn't seem to do
> anything; maybe it's fingerprinting browsers?
>
> HTTP/1.1 302 Moved Temporarily
> Server: nginx/1.2.6
> Date: Tue, 29 Jan 2013 20:00:11 GMT
> Content-Type: text/html
> Content-Length: 160
> Connection: keep-alive
> Location: hxxp://www.pinterest.com/
> P3P: CP="CAO COR CURa ADMa DEVa OUR IND ONL COM DEM PRE"
>
>
> On Tue, Jan 29, 2013 at 1:51 PM, Brad Turnbough <brad.turnbough () gmail com> wrote:
>
>>     hxxp://www.ceccarinisrl.com/h7x1u4.php



