Date: Mon, 1 Jul 2013 21:04:36 +0530
From: "Pinterest" [naughtinessw5@newsletters.pinterest.net]
To: [redacted]
Subject: Your password on Pinterest Successfully changed!
[redacted]
Yor password was reset. Request New Password.
See Password
Pinterest is a tool for collecting and organizing things you love.
This email was sent to [redacted].
Don't want activity notifications? Change your email preferences.
©2013 Pinterest, Inc. | All Rights Reserved
Privacy Policy | Terms and Conditions

The link goes through a legitimate hacked site to end up on a malicious payload at [donotclick]pinterest.com.reports0701.net/news/pay-notices.php (report here and here) which contains an exploit kit. The malware is hosted on a subdomain of a main domain with fake WHOIS details (it belongs to the Amerika gang) which is a slightly new technique:

June Parker parker@mail.com
740-456-7887 fax: 740-456-7844
4427 Irving Road
New Boston OH 45663
us
The following IPs are in use:
77.240.118.69 (Acens Technologies, Spain)
89.248.161.148 (Ecatel, Netherlands)
208.81.165.252 (Gamewave Hongkong Holdings, US)
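
The payload hostname above places pinterest.com in front of the separately registered reports0701.net. The following check for that pattern is an added example, not part of the original post; the function names, the two-label registrable-domain shortcut and the two benign test URLs are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

def registrable_domain(host):
    # Assumption: the registrable domain is the last two labels. That holds
    # for the .com/.net hosts used here; production code should consult the
    # Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def refang(url):
    """Strip the post's [donotclick] marker and add a scheme if missing."""
    url = url.strip().replace("[donotclick]", "")
    if not re.match(r"^[A-Za-z][A-Za-z0-9+.-]*://", url):
        url = "http://" + url
    return url

def embedded_brand(url, brands):
    """Return the brand domain a URL's hostname imitates, or None.

    A hostname imitates a brand when the brand's full domain appears in it
    as a run of whole labels while the registrable domain is someone else's.
    """
    host = (urlsplit(refang(url)).hostname or "").lower().rstrip(".")
    if not host:
        return None
    labels = host.split(".")
    for brand in brands:
        if registrable_domain(host) == registrable_domain(brand):
            continue  # really under the brand's own domain
        want = brand.lower().split(".")
        # Slide the brand's labels across the hostname, whole labels only,
        # so "notpinterest.com.example.net" does not match "pinterest.com".
        for i in range(len(labels) - len(want) + 1):
            if labels[i:i + len(want)] == want:
                return brand
    return None

if __name__ == "__main__":
    samples = [
        # URL quoted in the post, still defanged
        "[donotclick]pinterest.com.reports0701.net/news/pay-notices.php",
        # Constructed benign and near-miss URLs for comparison
        "https://www.pinterest.com/login/",
        "http://notpinterest.com.example.net/",
    ]
    for s in samples:
        print(f"{s!r:70} -> {embedded_brand(s, ['pinterest.com'])}")
```

The check only sees embedded brand domains in the hostname; it does not flag a lookalike under a different top-level domain, such as the pinterest.net sender address in the message headers.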
Recommended blocklist: