
Wednesday, 28 December 2011

"HP Officejet" spam / chredret.ru

More spam pointing to a malicious web page at chredret.ru/main.php (after redirecting through a legitimate but hacked site), but this time using the old "HP Officejet" approach.


Date:      Wed, 28 Dec 2011 05:32:16 +0700
From:      VG2EBrady@gmail.com
Subject:      Re: Fwd: Re: Scan from a HP Officejet #8056528

A document was scanned and sent to you using a Hewlett-Packard JET SK868691M



Sent to you by: SHEA
Pages : 3
Filetype: Image (.jpeg) View

Location: GDOSO.1.3TH
Device: OP685S9OD6236672

The domain chredret.ru was used in this spam run yesterday, but now the server has moved from 46.249.37.22 to 91.222.137.170 (Delta-X, Ukraine). I don't know Delta-X at all, but the SiteVet and Google reports are not good, so you might want to consider blocking the entire range 91.222.136.0/22.
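As an added example (not part of the original post), here is a Python sweep of web proxy logs for the indicators named above; the three-field log format and the sample lines are constructed assumptions. It shows that the /22 block covers the new server but not yesterday's 46.249.37.22, which only the domain match or the old address catches.

```python
import ipaddress
from urllib.parse import urlsplit
# Indicators taken from the post above.
BAD_DOMAIN = "chredret.ru"
BAD_NET = ipaddress.ip_network("91.222.136.0/22")
OLD_IP = ipaddress.ip_address("46.249.37.22")

# Constructed sample log lines (assumed format): "client_ip dest_ip url"
SAMPLE_LOG = """\
10.0.0.5 91.222.137.170 http://chredret.ru/main.php
10.0.0.7 46.249.37.22 http://chredret.ru/main.php
10.0.0.8 91.222.139.9 http://unrelated.example/index.html
10.0.0.9 91.222.140.1 http://other.example/
10.0.0.9 192.0.2.10 http://notchredret.ru.example/
malformed line
"""

def classify(line):
    """Return the list of reasons this log line matches, empty if clean."""
    parts = line.split()
    if len(parts) != 3:
        return []  # skip lines that do not fit the assumed format
    _, dest, url = parts
    reasons = []
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Exact host or subdomain only, so look-alike hosts do not match.
    if host == BAD_DOMAIN or host.endswith("." + BAD_DOMAIN):
        reasons.append("domain")
    try:
        ip = ipaddress.ip_address(dest)
    except ValueError:
        return reasons
    if ip in BAD_NET:
        reasons.append("range")
    elif ip == OLD_IP:
        reasons.append("old-ip")
    return reasons

def sweep(log_text):
    """Map each matching client IP to the set of reasons seen for it."""
    hits = {}
    for line in log_text.splitlines():
        reasons = classify(line)
        if reasons:
            hits.setdefault(line.split()[0], set()).update(reasons)
    return hits

if __name__ == "__main__":
    for client, reasons in sorted(sweep(SAMPLE_LOG).items()):
        print(client, sorted(reasons))
```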
