Date: Tue, 19 Mar 2013 10:40:22 -0600The malicious payload is at [donotclick]salespeoplerelaunch.org/close/printed_throwing-interpreting-dedicated.php (report here) hosted on 69.197.177.16 (WholeSale Internet, US).
From: "CNN Breaking News" [BreakingNews@mail.cnn.com]
Subject: Opinion: Cyprus banks shut extended to Monday - CNN.com
Powered by
* Please note, the sender's email address has not been verified.
You have received the following link from BreakingNews@mail.cnn.com:
Click the following to access the sent link:
Cyprus banks shut extended to Monday - CNN.com*
Get your EMAIL THIS Browser Button and use it to email content from any Web site. Click here for more information.
*This article can also be accessed if you copy and paste the entire address below into your web browser.
by clicking here
Nameservers are NS1.DNSLVLUP.COM (5.9.212.43, Hetzner / Dolorem Ipsum Management Ltd, Germany) and NS2.DNSLVLUP.COM (66.85.131.123, Secured Servers LLC / Phoenix NAP, US)
Recommended blocklist:
salespeoplerelaunch.org
dnslvlup.com
69.197.177.16
5.9.212.43
66.85.131.123
No comments:
Post a Comment