Sponsored by..

Thursday, 30 May 2013

Amazon.com 55 inch TV spam / ozonatorz.com

This earlier spam run about various brands of 55 inch TVs from Amazon has been updated and is now directing victims to a malware landing page on the domain ozonatorz.com:



From: auto-confirm@emlreq.amazon.com [mailto:bald4@customercare.amazon.com]
Sent: 29 May 2013 17:06
To: [redacted]
Subject: Amazon.com order of Akai NPK55KR9070 55-Inch

Amazon.com
Kindle Store
| Your Account | Amazon.com

Order Confirmation

Order #175-7801666-2934626

[redacted]

Thank you for shopping with us. Wed like to let you know that Amazon has received your order, and is preparing it for shipment. Your estimated delivery date is below. If you would like to view the status of your order or make any changes to it, please visit Your Orders on Amazon.com.


Your estimated delivery date is:
Thursday, May 30, 2013 -
Friday, May 31, 2013
Your shipping speed:
Next Day Air
Your Orders
Your order was sent to:
Benjamin Phillips
2724 3rdCotton Avenue
Cohoes, CA 62229-6646
United States


Order Details
Order #175-7801666-2934626
Placed on Wensday, May 29, 2013
Akai NPK55KR9070 55-Inch 1080p 120Hz LED 3D HDTV (Silber)
Electronics
In Stock
Sold by MODIA

Facebook
Twitter
Pinterest
$979.98

Item Subtotal:
$979.98
Shipping & Handling:
$0.00

Total Before Tax:
$979.98
Estimated Tax:
$0.00


Order Total:
$979.98


To learn more about ordering, go to Ordering from Amazon.com.
If you want more information or need more assistance, go to Help.
Thank you for shopping with us.
Amazon.com
DVD
Books
Unless otherwise noted, items are sold by Amazon.com LLC and taxed if shipped to Kansas, North Dakota, New York, Kentucky or Washington. If your order contains one or more items from an Amazon.com partner it may be subject to state and local sales tax, depending on the state to which the item is being shipped. Learn more about tax and seller information.
This email was sent from a notification-only address that cannot accept incoming email. Please do not reply to this message.


The malicious payload is on [donotclick]ozonatorz.com/news/basic_dream-goods.php (report here) hosted on:
41.89.6.179 (Kenya Education Network, Kenya)
141.28.126.201 (Hochschule Furtwangen, Germany)
177.5.244.236 (Brasil Telecom, Brazil)
208.68.36.11 (Digital Ocean, US)

These IPs form part of a much larger network of malicious sites listed here, but if we concentrate of these IPs only we get the following blocklist:
41.89.6.179
141.28.126.201
177.5.244.236
208.68.36.11
aviachecki.ru
avtotracki.ru
balckanweb.com
biati.net
buyparrots.net
federal-credit-union.com
giwmmasnieuhe.ru
icensol.net
mydkarsy.com
nvufvwieg.com
ozonatorz.com
rusistema.ru
smartsecurityapp2013.com
techno5room.ru
testerpro5.ru
trackerpro5.ru
twintrade.net
zeouk-gt.com

Posted by at
Labels: , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)