- NOTE: Information is based on a sample of FAX phishing email seen on 2013-07-18
- -------------------------------------------------------------------
- Received: from (192.168.1.13) by livenirvana.com (75.144.236.193)
- From: "FAX" <fax@your-fax.com>
- Subject: New incoming fax
- Attachment: Content-Type: application/zip; name="fax01001016503.zip"
- Body:
- Dear Customer,You have received a new fax.
- Date/Time: 2013:07:18 10:13:51
- Number of pages:5
- Received from: 0845 3000 000
- Regards,FAX
- -------------------------------------------------------------------
- MD5s
- ZIP - afbe8430f82b7cb051c24036b19d4ebc
- EXE - 52bfde0a7073611ab3f952168eb88308 VT (8/46) https://www.virustotal.com/en/file/625536d555e36144e32b33f294c250c7aaec4d040efa75cabb0e8ca700c76c3b/analysis/
- GETs:
- ftp.alenetoo.com/2YLt.exe
- getreadytochangeyourlife.com/wJwU.exe
- www.artwork.1stpads.com/ijiK.exe
- www.bansontrade.co.uk/ULiC.exe
- POSTs:
- dreamonseniorswish.org/forum/viewtopic.php
- nursenextdoor.com/forum/viewtopic.php
- phonebillssuck.com/forum/viewtopic.php
- prospexleads.com/forum/viewtopic.php
- Additional sending hosts:
- Received: from (192.168.1.186) by gil.com.au (216.255.10.52)
- Received: from (192.168.1.19) by ponyexpress.net (209.113.197.194)
- Received: from (192.168.1.116) by afes.com (108.176.1.241)
- Received: from (192.168.1.188) by compufort.com (41.215.215.183)
- Received: from (192.168.1.29) by unb.ca (77.30.46.33)