![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjU3f67K6C0NBokv04V37IYb3DgiTWa7OqhYK9KLn1zOV5r2-ZvW_f2syAYwe10QTwKlZcGWVmmhhG55RFY6tig_hDj_f5v2h6jeWOfuRWYMniYMtooVpvmKTEEMF9oi_dDXZG18tettOE/s200/ru8080.png)
Date: Fri, 30 Nov 2012 04:54:30 -0300
From: Jone Castaneda via LinkedIn [member@linkedin.com]
Subject: RE: Leonie - Copies of Policies.
Unfortunately, I cannot obtain electronic copies of the Ocean, Warehouse or EPLI policy.
Here is the Package and Umbrella,
and a copy of the most recent schedule.
Leonie Doyle,
==========
Date: Fri, 30 Nov 2012 02:32:21 -0400
From: sales1@[victimdomain].com
Subject: RE: Samson - Copies of Policies.
Unfortunately, I cannot obtain electronic copies of the Ocean, Warehouse or EPLI policy.
Here is the Package and Umbrella,
and a copy of the most recent schedule.
Samson Henry,
The malicious payload is at [donotclick]podarunoki.ru:8080/forum/links/column.php hosted on some familiar IP addresses which should be blocked if you can:
202.180.221.186 (GNet, Mongolia)
203.80.16.81 (MYREN, Malaysia)
The following domains are also on the same servers:
gurmanikia.ru
ganiopatia.ru
ganalionomka.ru
genevaonline.ru
podarunoki.ru
binaminatori.ru
ganadeion.ru
dimarikanko.ru
delemiator.ru
No comments:
Post a Comment