![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXvW5txeQdfu2Me9a_Oj56cOh3EFxftNSETvO-_-RR84RV0J0CQE5eqQ7MB1QfmoZt-R2Kf9cLbFvbHVUu9UhkWlaIOwHe-j57pZOU8vxVEejyGCdm3Cg_JpQcW1907LIFqxwp7_EEJxo/s200/amerika.png)
Date: Thu, 09 Aug 2012 21:25:41 +0200
From: "New order" [30F5DC6@tendbeyond.com]
To: [redacted]
Subject: Verify your order
Dear [redacted],
please verify your order #447256 at http://mailnegnu.com/FlashSoundNew/welcome19205.php?user_id=[redacted]&order_id=1EDDB29B4E
We hope to see you again soon!
The malicious payload is at [donotclick]qapskhnxlfuc.info/main.php?page=3f19233d6515cd5d (http://wepawet.iseclab.org/view.php?hash=0192c837b292369c4205be3b8fbd34b9&t=1344548568&type=js) hosted on 54.245.115.106 (Amazon.com, US) along with the following domains that you can also assume are malicious: