26 March 2010, 23:07
Once again, I was not even expecting to get a sample that way...

Here is the message I received on one of the Skype accounts I use as 'honeypots' (one day ago):


I never requested in any way to receive such ads!

Okay, so let's go to 'dreams-lady'. To be honest, at this point, I was really expecting a malicious website, or even a fake portal to steal my bank card number...
Sometimes habit does not help you out 100%...

However, I was surprised to see the website that responds to dreams-lady. Here is a screenshot:

Looks really like a kind of Russian version of Meetic, huh? Just kidding.

Just in case, I had a look at the WhoIs. And there came an unexpected surprise:
IP located in China? Seems weird.
Any other information provided by the WhoIs looks relevant to a Russian origin.

Just a thought... let's see the IP reputation...
An old tool:
Bingo...! Listed! And I do trust Spamhaus' lists.

But that's not all. The IP address really seems to be a Chinese one:

Okay then, Russian domain name, Chinese IP... still looks strange to me.

But the IP address reveals other interesting details:
Listed because it is said to host malware.

And guess what... ESET confirms it (access blocked while accessing it)
