These sites are hosted on 46.183.217.119 (Dataclub, Latvia). I can't see anything at all of value in 46.183.216.0/21, so blocking access to all of that range might be prudent.
It also attempts to load an exploit from a site called bbb-complains.org which is not resolving at present.
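As an added example (not part of the original post), the following sketch checks proxy logs for traffic to the range and the domain named above. The log format, the sample lines and the `.invalid` hostnames are constructed for illustration. The domain is matched by name because a site that does not resolve leaves no destination IP to match on.

```python
import ipaddress

# Indicators taken from the post above.
BLOCK_RANGE = ipaddress.ip_network("46.183.216.0/21")
BAD_DOMAINS = {"bbb-complains.org"}

# Constructed sample lines; assumed format: time client dest_ip host.
# "-" stands for a request whose hostname did not resolve.
SAMPLE_LOG = """\
2011-12-15T07:45:02Z 10.0.0.12 46.183.217.119 example-landing.invalid
2011-12-15T07:45:09Z 10.0.0.12 192.0.2.10 www.example.com
2011-12-15T07:46:30Z 10.0.0.31 46.183.223.255 edge-of-range.invalid
2011-12-15T07:47:11Z 10.0.0.31 46.183.224.1 just-outside.invalid
2011-12-15T07:48:00Z 10.0.0.44 - WWW.BBB-Complains.org.
2011-12-15T07:49:00Z 10.0.0.44 not-an-ip sub.bbb-complains.org
"""

def host_matches(host):
    """True for a listed domain or any subdomain, ignoring case and a trailing dot."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BAD_DOMAINS)

def ip_matches(value):
    """True if value parses as an address inside the blocked /21."""
    try:
        return ipaddress.ip_address(value) in BLOCK_RANGE
    except ValueError:  # "-" or other non-address field
        return False

def find_hits(log_text):
    """Return (client, dest_ip, host, reasons) for every matching log line."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _, client, dest_ip, host = fields
        reasons = []
        if ip_matches(dest_ip):
            reasons.append("ip-in-range")
        if host_matches(host):
            reasons.append("bad-domain")
        if reasons:
            hits.append((client, dest_ip, host, reasons))
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```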
A couple of example emails:
Date: Thu, 15 Dec 2011 07:42:51 +0000
From: "risk.manager@nacha.org" [risk.manager@nacha.org]
Subject: Your ACH transaction details
Attention: Accounting Department
This message includes an important information regarding the ACH debit transfer sent on your behalf, that was detained by our bank:
Transaction ID: 079788807282357
Transaction status: pending
In order to resolve this matter, please use the link below to review the transaction details as soon as possible.
Yours faithfully,
Anthony Cooley
Chief Accountant
and
Date: Thu, 15 Dec 2011 07:30:43 +0000
From: "alert@nacha.org" [alert@nacha.org]
Subject: Your pending ACH debit transfer
Dear Sir or Madam,
Please find below a report about the ACH debit transfer sent on your behalf, that was kept back by our bank:
Transaction #: 638798200851317
Status of the transaction: pending
In order to resolve this matter, please review the transaction details using the link below as soon as possible.
Yours truly,
Kevin Hunt
Chief Accountant