Date: Fri, 1 Jun 2012 02:45:50 +0000
From: LinkedIn Email Confirmation [emailconfirm@linkedin.com]
Subject: Please confirm your email address
Click here to confirm your email address.
If the above link does not work, you can paste the following address into your browser:
You will be asked to log into your account to confirm this email address. Be sure to log in with your current primary email address.
We ask you to confirm your email address before sending invitations or requesting contacts at LinkedIn. You can have several email addresses, but one will need to be confirmed at all times to use the system.
If you have more than one email address, you can choose one to be your primary email address. This is the address you will log in with, and the address to which we will deliver all email messages regarding invitations and requests, and other system mail.
Thank you for using LinkedIn!
--The LinkedIn Team
© 2012, LinkedIn Corporation
The payload is on [donotclick]immerialtv.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c (report here) hosted on the following IPs:
50.57.43.49 (Slicehost, US)
50.57.88.200 (Slicehost, US)
184.106.200.65 (Slicehost, US)
187.85.160.106 (Ksys Soluções Web, Brazil)
Those IPs host the following domains which can also be assumed to be hostile:
immerialtv.ru
opimmerialtv.ru
piloramamoskow.ru
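One way to check web proxy logs against the indicators above, as an added example that is not part of the original post. The log format (timestamp, client, method, URL, status), the client addresses and the sample lines are constructed for illustration. Hostnames are matched on label boundaries, so subdomains of a listed domain hit but lookalike hosts do not.

```python
import ipaddress
from urllib.parse import urlsplit

# Indicators taken from the post above.
HOSTILE_DOMAINS = {"immerialtv.ru", "opimmerialtv.ru", "piloramamoskow.ru"}
HOSTILE_IPS = {ipaddress.ip_address(a) for a in (
    "50.57.43.49", "50.57.88.200", "184.106.200.65", "187.85.160.106")}

def host_of(url):
    """Extract the lower-cased host from a URL, accepting the post's defanged form."""
    url = url.replace("[donotclick]", "")
    if "://" not in url:
        url = "http://" + url          # urlsplit only finds a host after a scheme
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:                 # malformed bracketed host
        return ""

def is_hostile(url):
    host = host_of(url)
    try:
        return ipaddress.ip_address(host) in HOSTILE_IPS
    except ValueError:
        pass                           # not an IP literal, treat as a hostname
    # Exact match or a subdomain of a listed domain, never a bare substring.
    return any(host == d or host.endswith("." + d) for d in HOSTILE_DOMAINS)

def scan(log_lines):
    """Return (client, url) for each request that hits an indicator."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) >= 5 and is_hostile(fields[3]):
            hits.append((fields[1], fields[3]))
    return hits

# Constructed sample log: timestamp client method url status (assumed format).
SAMPLE_LOG = [
    "2012-06-01T02:51:07Z 10.0.0.21 GET http://immerialtv.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c 200",
    "2012-06-01T02:51:09Z 10.0.0.21 GET http://50.57.88.200:8080/ 200",
    "2012-06-01T02:52:40Z 10.0.0.35 GET http://www.linkedin.com/ 200",
    "2012-06-01T02:53:02Z 10.0.0.44 GET http://immerialtv.ru.example.com/ 200",
]

if __name__ == "__main__":
    for client, url in scan(SAMPLE_LOG):
        print(f"{client} requested {url}")
```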
1 comment:
Thx for sharing this!
(Same people behind this and the Phoenix EK that was here: http://www.malwaredomainlist.com/mdl.php?search=navigator&colsearch=All&quantity=50)