Date: Tue, 26 Mar 2013 06:23:36 +0800The attachment Efax_Pages.htm leads to a malicious payload at [donotclick]hjuiopsdbgp.ru:8080/forum/links/column.php (report here) hosted on the following IPs:
From: LinkedIn [welcome@linkedin.com]
Subject: Efax Corporate
Attachments: Efax_Pages.htm
Fax Message [Caller-ID: 378677295]
You have received a 59 pages fax at Tue, 26 Mar 2013 06:23:36 +0800, (954)-363-5285.
* The reference number for this fax is [eFAX-677484317].
View attached fax using your Internet Browser.
© 2013 j2 Global Communications, Inc. All rights reserved.
eFax ® is a registered trademark of j2 Global Communications, Inc.
This account is subject to the terms listed in the eFax ® Customer Agreement.
66.249.23.64 (Endurance International Group, US)
69.46.253.241 (RapidDSL & Wireless, US)
95.211.154.196 (Leaseweb, Netherlands)
Blocklist:
66.249.23.64
69.46.253.241
95.211.154.196
hohohomaza.ru
humarikanec.ru
hillaryklinton.ru
hinakinioo.ru
hillairusbomges.ru
hjuiopsdbgp.ru
heepsteronst.ru
No comments:
Post a Comment