Subject: Re: Scan from a Hewlett-Packard ScanJet 20382282
Attached document was scanned and sent
to you using a Hewlett-Packard NetJet 280904SL.
SENT BY : ETSUKO
PAGES : 9
FILETYPE: .HTM [Internet Explorer File]
(See attached file: HP_Jet_27_P683.zip)
The HTML file leads to malware at superproomgh.ru:8080/navigator/jueoaritjuir.php (report here) which is multihomed on the following IPs:
41.168.5.140 (Neotel Pty, South Africa)
61.187.191.16 (ChinaNet Hunan, China)
62.85.27.129 (Microlink, Latvia)
78.83.233.242 (Spectrum Net JSC, Bulgaria)
125.19.103.198 (Bharti Infotel Ltd, India)
202.143.147.35 (Ministry of Education, Thailand)
202.149.85.37 (Satata Neka Tama, Indonesia)
210.56.23.100 (Commission For Science And Technology, Pakistan)
210.56.24.226 (Commission For Science And Technology, Pakistan)
210.109.108.210 (Sejong Telecom, Korea)
211.44.250.173 (SK Broadband Co Ltd, Korea)
219.94.194.138 (Sakura Internet, Japan)
Plain list for copy-and-pasting:
41.168.5.140
61.187.191.16
62.85.27.129
78.83.233.242
125.19.103.198
202.143.147.35
202.149.85.37
210.56.23.100
210.56.24.226
210.109.108.210
211.44.250.173
219.94.194.138