Date: Thu, 24 Jan 2013 04:04:42 +0600There is an attachment called Efax_Corporate.htm leading to a malicious payload at [donotclick]epimarkun.ru:8080/forum/links/column.php which is hosted on the following IPs:
From: Habbo Hotel [email@example.com]
Subject: Efax Corporate
Fax Message [Caller-ID: 963153883]
You have received a 28 pages fax at Thu, 24 Jan 2013 04:04:42 +0600, (157)-194-4168.
* The reference number for this fax is [eFAX-009228416].
View attached fax using your Internet Browser.
� 2013 j2 Global Communications, Inc. All rights reserved.
eFax � is a registered trademark of j2 Global Communications, Inc.
This account is subject to the terms listed in the eFax � Customer Agreement.
18.104.22.168 (Steadfast Networks, US)
22.214.171.124 (OVH, France)
126.96.36.199 (Mongolian Railway Commercial Center, Mongolia)
These IPs and domains are all malicious: