The payload is on matoreria.com/search.php?page=73a07bcb51f4be71 hosted on 66.150.164.137 (Nuclear Fallout Enterprises, Seattle). We've seen this ISP before. At the moment the payload seems not to be working properly.
Date: Tue, 30 Jan 2012 11:02:13 +0000
From: info@nacha.org
Subject: Your ACH transaction
The ACH transaction (ID: 8519169560300), recently initiated from your bank account (by you or any other person), was canceled by the other financial institution.
Canceled transfer
Transaction ID: 8519169560300
Rejection Reason: See details in the report below
Transaction Report: report_8519169560300.doc (Microsoft Word Document)
13450 Sunrise Valley Drive, Suite 100
Herndon, VA 20171
2011 NACHA - The Electronic Payments Association
Blocking access to the IP address will also block access to any other malicious sites on the same server.
1 comment:
Today I tested the same mail where a connection to IP 124.217.226.160 was seen.
The IP belongs to
person: PIRADIUS NET Administrator
nic-hdl: PA124-AP
e-mail: admin@piradius.net
address: PIRADIUS NET
address: Unit 8.2, 8 Floor, Menara Aik Hua
address: Changkat Raja Chulan
address: 50200
address: Kuala Lumpur
address: Malaysia
phone: +603-20318850
fax-no: +603-20318851
country: MY
changed: admin@piradius.net 20071003
mnt-by: MAINT-MY-PIRADIUS
abuse-mailbox: abuse@piradius.net
source: APNIC