Date: Mon, 12 Mar 2012 08:32:11 +0100
From: "KATELYN NEAL"
Subject: Fwd: Scan from a Xerox W. Pro #0099345
Attachments: Xerox_Workcentre_03.08_FZ1820.htm

Please open the attached document. It was scanned and sent
to you using a Xerox WorkCentre Pro.

Sent by: Guest
Number of Images: 1
Attachment File Type: .HTML
WorkCentre Pro Location: machine location not set
Device Name: XRX318AA5BSX3515459

The attachment leads to a malicious page at cjjasjjikooppfkja.ru:8080/images/aublbzdni.php. This domain is multihomed at:

62.85.27.129 (Microlink Latvia Ltd, Latvia)
83.238.208.55 (Netia SA, Poland)
89.218.55.51 (Kazakhtelecom, Kazakhstan)
95.156.232.102 (Optimate-Server, Germany)
111.93.161.226 (Tata Teleservices, India)
118.97.9.60 (Telekomunikasi, Indonesia)
125.19.103.198 (Bharti Infotel, India)
190.81.107.70 (Telmex, Peru)
200.169.13.84 (Century Telecom Ltda, Brazil)
210.56.23.100 (Commission for Science and Technology, Pakistan)
210.109.108.210 (Sejong Telecom, Korea)
211.44.250.173 (SK Broadband Co Ltd, Korea)
219.94.194.138 (Sakura Internet Inc, Japan)

Blocking these IPs would be a good idea.
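
A mail-side check to go with the IP block, as an added example that is not part of the original post: it flags messages whose subject follows the scanner lure shown above and that carry an HTML attachment. The subject pattern, the function names and the sample message (placeholder sender, filename and attachment body) are assumptions, and the heuristic assumes legitimate scan-to-email in your environment does not deliver HTML files.

```python
import re
from email import message_from_string

# Assumed heuristic, modelled on the subject line of the sample in this post.
SCAN_SUBJECT = re.compile(r"scan from a xerox\b.*#\d+", re.IGNORECASE)
HTML_NAME = re.compile(r"\.html?$", re.IGNORECASE)

# Constructed message: placeholder sender, filename and attachment body.
SAMPLE = """\
From: "Sender" <sender@example.test>
Subject: Fwd: Scan from a Xerox W. Pro #0099345
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open the attached document.
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="scan_0001.htm"

<html><body>constructed placeholder</body></html>
--b1--
"""


def html_attachments(msg):
    """Return filenames of attached parts that are HTML by name or MIME type."""
    found = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts without a filename are not attachments
        if HTML_NAME.search(name) or part.get_content_type() == "text/html":
            found.append(name)
    return found


def triage(raw):
    """Flag a scanner-themed subject that arrives with an HTML attachment."""
    msg = message_from_string(raw)
    lure = bool(SCAN_SUBJECT.search(msg.get("Subject", "")))
    attachments = html_attachments(msg)
    return {"lure_subject": lure, "html_attachments": attachments,
            "quarantine": lure and bool(attachments)}


if __name__ == "__main__":
    print(triage(SAMPLE))
```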