Saturday 10 August 2013

CNN: " Canadian teenager Rehtaeh Parsons" spam leads to malware

The bad guys don't have much of a sense of shame. This fake CNN email leads to malware on hubbynwifewines.com:

Date:      Sat, 10 Aug 2013 01:33:17 +0330 [18:03:17 EDT]
From:      CNN [BreakingNews@mail.cnn.com]
Subject:      CNN: " Canadian teenager Rehtaeh Parsons"

2 face charges in case of Canadian girl who hanged self after alleged rape
By Stephanie Gallman and Phil Gast, CNN
updated 6:39 AM EDT, Fri August 9, 2013
Canadian teenager Rehtaeh Parsons, who was allegedly gang-raped and bullied, has died, her family said. Parsons, 17, was hospitalized after she tried to hang herself on Thursday, April 4. The high school student from Halifax, Nova Scotia, was taken off life support three days later.

Canadian teenager Rehtaeh Parsons

Two 18-year-old men face child pornography charges in connection with the case of a 17-year-old girl who hanged herself after she was allegedly gang-raped and bullied online, Canadian authorities said Thursday evening.  Full story >>

The link in the email goes through a legitimate but hacked site and ends up running one of three scripts:
[donotclick]1494ccc706155932.lolipop.jp/canard/lockup.js
[donotclick]ftp.adaware.net/earwax/philosophic.js
[donotclick]hargobindtravels.com/coloratura/nesting.js

The victim is then sent to a malware payload site at [donotclick]hubbynwifewines.com/topic/able_disturb_planning.php which is a hacked GoDaddy domain hosted on 72.249.76.197.

Recommended blocklist:
72.249.76.197
1494ccc706155932.lolipop.jp
ftp.adaware.net
hargobindtravels.com
housewalla.com
hubby-wife.com
hubbynwife.com
hubbynwifecakes.com
hubbynwifewines.com
hubbynwifedesigns.com

3 comments:

  1. Hiya,

    Thanks for the spam updates.

    I was checking this out this morning, and I resolved the IP address of hubbynwifewines.com to 68.178.232.100
  2. @Aaron, that's good. That's a GoDaddy parking IP, which means that the domain is back where it should be!
  3. Mate!

    Return-Path:
    Delivered-To: ме @ abv.bg
    Received: from filter2.host.bg (filter2.host.bg [87.120.40.156]) by pmx.abv.bg (Postfix) with ESMTP id 3685D1A0040; Tue, 13 Aug 2013 03:42:52 +0300 (EEST)
    Received: from mail.host.bg (mail.host.bg [87.120.40.3]) by filter2.host.bg (Postfix) with ESMTP id 38FBAC8C1C; Tue, 13 Aug 2013 03:42:52 +0300 (EEST)
    Received: from venom.host.bg (venom.host.bg [87.120.40.138]) by mail.host.bg (Postfix) with ESMTP id 108C7B45633D0; Tue, 13 Aug 2013 03:42:52 +0300 (EEST)
    Received: from static-71-254-156-24.lsanca.fios.verizon.net (static-71-254-156-24.lsanca.fios.verizon.net [71.254.156.24]) by venom.host.bg (Postfix) with ESMTP id 917814669B1; Tue, 13 Aug 2013 03:42:51 +0300 (EEST)
    Received: from teutbutcvuujebijft (192.168.1.74) by teutbutcvuujebijft. (71.254.156.24) with Microsoft SMTP Server id 8.0.685.24; Mon, 12 Aug 2013 16:42:50 -0800
    Message-ID: <5209723B.805060@facebook.com>
    Date: Mon, 12 Aug 2013 16:42:50 -0800
    From: CNN
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Thunderbird/3.1.6
    MIME-Version: 1.0
    To: ме @zvezdev.net>, ме х 2 @zvezdev.net>
    Subject: CNN: " Canadian teenager Rehtaeh Parsons"
    Content-Type: multipart/alternative; boundary="------------07020300907030608030101"
    2 face charges in case of Canadian girl who hanged self after alleged rape

    By Stephanie Gallman and Phil Gast, CNN
    updated 6:39 AM EDT, Fri August 9, 2013
    Canadian teenager Rehtaeh Parsons, who was allegedly gang-raped and bullied, has died, her family said. Parsons, 17, was hospitalized after she tried to hang herself on Thursday, April 4. The high school student from Halifax, Nova Scotia, was taken off life support three days later.

    Canadian teenager Rehtaeh Parsons

    Two 18-year-old men face child pornography charges in connection with the case of a 17-year-old girl who hanged herself after she was allegedly gang-raped and bullied online, Canadian authorities said Thursday evening. Full story >>

    :)) = @ spam.spamcop.net > Ha! :D mirela
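The Received chain quoted in the comment above shows how to trace a spam run back to its handoff point: walk the hops from the recipient's own servers inward and stop at the first one a trusted host accepted from an outside, public address. The Python below is an added example, not code from the post or its commenters; it assumes abv.bg and host.bg are the recipient's trusted mail infrastructure and that the two Received formats shown (Postfix and the Exchange-style last hop) are the only ones it needs to parse.

```python
import re
import ipaddress

# Constructed sample: the Received chain quoted in the comment above,
# newest hop first as it appears in the message.
SAMPLE_HEADERS = """\
Received: from filter2.host.bg (filter2.host.bg [87.120.40.156]) by pmx.abv.bg (Postfix) with ESMTP id 3685D1A0040; Tue, 13 Aug 2013 03:42:52 +0300 (EEST)
Received: from mail.host.bg (mail.host.bg [87.120.40.3]) by filter2.host.bg (Postfix) with ESMTP id 38FBAC8C1C; Tue, 13 Aug 2013 03:42:52 +0300 (EEST)
Received: from venom.host.bg (venom.host.bg [87.120.40.138]) by mail.host.bg (Postfix) with ESMTP id 108C7B45633D0; Tue, 13 Aug 2013 03:42:52 +0300 (EEST)
Received: from static-71-254-156-24.lsanca.fios.verizon.net (static-71-254-156-24.lsanca.fios.verizon.net [71.254.156.24]) by venom.host.bg (Postfix) with ESMTP id 917814669B1; Tue, 13 Aug 2013 03:42:51 +0300 (EEST)
Received: from teutbutcvuujebijft (192.168.1.74) by teutbutcvuujebijft. (71.254.156.24) with Microsoft SMTP Server id 8.0.685.24; Mon, 12 Aug 2013 16:42:50 -0800
"""

# Matches Postfix style "from name (rdns [ip]) by host" and the
# Exchange-style "from name (ip) by host" seen in the last hop.
HOP_RE = re.compile(
    r"^Received: from (?P<name>\S+) \((?:[^\s\[\]()]+ )?\[?"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]?\) by (?P<by>\S+)",
    re.M,
)


def received_hops(headers):
    """All Received hops, newest first, as (from_name, from_ip, by_host)."""
    return [(m["name"], m["ip"], m["by"]) for m in HOP_RE.finditer(headers)]


def _trusted(host, suffixes):
    return any(host == s or host.endswith("." + s) for s in suffixes)


def origin_hop(headers, trusted_suffixes):
    """Walk inward from our own servers and return the first hop that a
    trusted host received from an untrusted, public address. Anything
    below it was written by the sender and may be forged (here: the
    private 192.168.1.74 and the 'Microsoft SMTP Server' banner)."""
    for name, ip, by in received_hops(headers):
        if (_trusted(by, trusted_suffixes) and not _trusted(name, trusted_suffixes)
                and not ipaddress.ip_address(ip).is_private):
            return name, ip, by
    return None


def sender_consistent(headers, trusted_suffixes, claimed_domain):
    """True only if the handoff host's name sits under the domain the
    message claims to come from (the post's From: was mail.cnn.com)."""
    hop = origin_hop(headers, trusted_suffixes)
    return hop is not None and _trusted(hop[0], (claimed_domain,))
```

For this sample the handoff is the Verizon FiOS address in the fourth hop, and the cnn.com claim fails the consistency check, which is the kind of signal a mail filter can act on without trusting anything the sender wrote below that point.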