Date: Mon, 12 Dec 2011 14:10:59 +0100
From: "firstname.lastname@example.org" [email@example.com]
Subject: BBB assistance Re: Case # 52010425
The Better Business Bureau has been sent the above mentioned complaint from one of your clients on the subject of their business relations with you.
The detailed information about the consumer's concern is contained in attached file.
Please examine this question and let us know about your opinion.
We encourage you to click here to reply this complaint.
We look forward to your urgent response.
Better Business Bureau
Council of Better Business Bureaus
4200 Wilson Blvd, Suite 800
Arlington, VA 22203-1838
Phone: 1 (703) 276.0100
Fax: 1 (703) 525.8277
The malicious payload is eryirs.com/main.php?page=69dbd5a1e3ed6ae9 which is hosted on 220.127.116.11 (Arima Networks, Canada). Blocking access to 18.104.22.168 is probably a good idea in case there are other malicious sites on the server.
The no-doubt-fake WHOIS details for the domain are:
Email Address: firstname.lastname@example.org