From: messages-noreply@bounce.linkedin.com [mailto:messages-noreply@bounce.linkedin.com] On Behalf Of LinkedIn ConnectionsThe link goes through some obfuscated javascript (report here) to lead to [donotclick]viewsonicone.ru:8080/forum/links/column.php hosted on the following IPs:
Sent: 10 October 2012 09:46
Subject: Nayeli is now part of your network. Keep connecting...
[redacted]. Congratulations!
You and Nayeli are now connected.
Nayeli Deaton
--
Chad
2012, LinkedIn Corporation
68.67.42.41 (Fibrenoire Internet, Canada)
178.79.146.49 (Linode, UK)
203.80.16.81 (MYREN, Malaysia)
All these IPs and domains are potentially malicious and should be blocked if you can do it:
68.67.42.41
178.79.146.49
203.80.16.81
rumyniaonline.ru
sonatanamore.ru
onlinebayunator.ru
uzoshkins.ru
limonadiksec.ru
ioponeslal.ru
pionierspokemon.ru
appleonliner.ru
lenindeads.ru
viewsonicone.ru
No comments:
Post a Comment