Date: Mon, 16 Sep 2013 22:43:06 +0400 [14:43:06 EDT]
From: eFax Corporate [message@inbound.efax.com]
Subject: Corporate eFax message - 1 pages
Warning: This message may not be from whom it claims to be. Beware of following any links in it or of providing the sender with any personal information.
Fax Message [Caller-ID: 854-349-9584]
You have received a 1 pages fax at 2013-16-09 01:11:11 CST.
* The reference number for this fax is latf1_did11-1237910785-2497583013-24.
View this fax using your PDF reader.
Click here to view this message
Please visit www.eFax.com/en/efax/twa/page/help if you have any questions regarding this message or your service.
Thank you for using the eFax service!
Home | Contact | Login |
Powered by j2
2013 j2 Global Communications, Inc. All rights reserved.
eFax is a registered trademark of j2 Global Communications, Inc.
This account is subject to the terms listed in the eFax Customer Agreement.
The link in the email goes through a legitimate but hacked site and then runs one of the following three scripts:
[donotclick]die-web-familie.homepage.t-online.de/quasar/monte.js
[donotclick]dim-kalogeras-ka-lar.schools.ac.cy/initials/casanovas.js
[donotclick]ade-data.com/exuded/midyear.js
These then lead to a malware payload at [donotclick]rockims.com/topic/seconds-exist-foot.php which is a hijacked GoDaddy domain hosted on 192.81.133.143 (Linode, US) along with quite a few other hijacked domains (listed in italics below).
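The chain described above (one of the three .js redirectors, then the payload URL on rockims.com) can be hunted for in web proxy logs. This is an added example, not part of the original post; the log format, client addresses, timestamps and the 60-second window are constructed assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Indicators as written in the post, still defanged with its [donotclick] marker.
REDIRECTORS = [
    "[donotclick]die-web-familie.homepage.t-online.de/quasar/monte.js",
    "[donotclick]dim-kalogeras-ka-lar.schools.ac.cy/initials/casanovas.js",
    "[donotclick]ade-data.com/exuded/midyear.js",
]
PAYLOAD = "[donotclick]rockims.com/topic/seconds-exist-foot.php"

# Constructed sample log, assumed format: "ISO-timestamp client-ip method url".
SAMPLE_LOG = """\
2013-09-16T14:50:01 10.0.0.5 GET http://ade-data.com/exuded/midyear.js
2013-09-16T14:50:03 10.0.0.5 GET http://ROCKIMS.com/topic/seconds-exist-foot.php
2013-09-16T14:51:10 10.0.0.7 GET http://ade-data.com/index.html
2013-09-16T14:52:00 10.0.0.8 GET http://die-web-familie.homepage.t-online.de/quasar/monte.js
2013-09-16T15:30:00 10.0.0.9 GET http://rockims.com/topic/seconds-exist-foot.php
"""

def key(url):
    """Reduce a URL to a comparable (lowercased host, path) pair."""
    parts = urlsplit(url)
    return (parts.hostname or "").rstrip("."), parts.path

def refang(indicator):
    """Strip the post's defang marker so the indicator can be compared."""
    return key("http://" + indicator.replace("[donotclick]", "").strip())

def find_chains(log_text, window=timedelta(seconds=60)):
    """Per client: 'payload-reached' if the payload URL follows a redirector
    hit within the window, else 'redirector-only' or 'payload-only'."""
    redirectors = {refang(r) for r in REDIRECTORS}
    payload = refang(PAYLOAD)
    last_redirect, verdicts = {}, {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than guess at them
        ts, client, _method, url = fields
        when, hit = datetime.fromisoformat(ts), key(url)
        if hit in redirectors:
            last_redirect[client] = when
            verdicts.setdefault(client, "redirector-only")
        elif hit == payload:
            seen = last_redirect.get(client)
            chained = seen is not None and when - seen <= window
            verdicts[client] = "payload-reached" if chained else "payload-only"
    return sorted(verdicts.items())
```

A client marked `payload-reached` followed the full chain and is the one to triage first; `redirector-only` means the script was fetched but no payload request was logged inside the window.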
Recommended blocklist:
Please remove this post, as our GoDaddy account was hacked at that time. Now everything is fine. Please remove this post, as your post is affecting our business.