Hello,
Shipping Confirmation
Order # 651-5411744-0155168 <http://ar.news.assyrianchurch.com/wp-content/uploads/fgallery/stay.html>
Your estimated delivery date is:
Tuesday, December 13, 2011
Track your package <http://ar.news.assyrianchurch.com/wp-content/uploads/fgallery/stay.html> Thank you for shopping with us. We thought you'd like to know that we shipped this portion of your order separately to give you quicker service. You won't be charged any extra shipping fees, and the remainder of your order will follow as soon as those items become available. If you need to return an item from this shipment or manage other orders, please visit Your Orders <http://ar.news.assyrianchurch.com/wp-content/uploads/fgallery/stay.html> on Amazon.com <http://ar.news.assyrianchurch.com/wp-content/uploads/fgallery/stay.html> .
Shipment Details
Omron WFB-387U Fat Loss Monitor, Black $129.95
Item Subtotal: $129.95
Shipping & Handling: $0.00
Total Before Tax: $129.95
Shipment Total: $129.95
Paid by Visa: $129.95
You have only been charged for the items sent in this shipment. Per our policy, you only pay for items when we ship them to you.
Returns are easy. Visit our .
If you need further assistance with your order, please visit Customer Service <http://ar.news.assyrianchurch.com/wp-content/uploads/fgallery/stay.html> .
We hope to see you again soon!
Amazon.com
<html><header><META HTTP-EQUIV="Refresh" CONTENT="0; URL=http://certerpen.info/main.php?page=525447c096f8efbf"></header></html><!-- f851b407dc236b90d847a111101a9a44e2556d0bdbfd2bc92ce43c40 -->
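The two tells visible above (link text that names Amazon.com while the URL points at another host, and a zero-delay meta refresh on the linked page) can be pulled out statically, without fetching anything. The following is an added example, not code from the original post; the function names are illustrative and the sample strings are copied from this page.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Samples copied from this page: part of the e-mail body and the HTML
# returned by the linked page.
LURE = "http://ar.news.assyrianchurch.com/wp-content/uploads/fgallery/stay.html"
EMAIL_TEXT = f"please visit Your Orders <{LURE}> on Amazon.com <{LURE}> ."
LANDING_HTML = ('<html><header><META HTTP-EQUIV="Refresh" CONTENT="0; '
                'URL=http://certerpen.info/main.php?page=525447c096f8efbf">'
                '</header></html>')

# "label <url>" pairs, as a text rendering of an HTML mail shows its anchors.
LINK = re.compile(r"(\S+)\s+<(https?://[^>\s]+)>")
DOMAIN_LIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)


def mismatched_links(text):
    """Return (label, host) pairs where the label names one domain and the URL another."""
    hits = []
    for label, url in LINK.findall(text):
        host = (urlsplit(url).hostname or "").lower()
        label = label.lower()
        if DOMAIN_LIKE.match(label) and host != label and not host.endswith("." + label):
            hits.append((label, host))
    return hits


class MetaRefresh(HTMLParser):
    """Collect the targets of <meta http-equiv="refresh"> tags."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values keep their case.
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\">\s]+)", a.get("content", ""), re.I)
            if m:
                self.targets.append(m.group(1))


def refresh_targets(html):
    """Return every meta-refresh destination found in the given HTML string."""
    parser = MetaRefresh()
    parser.feed(html)
    return parser.targets
```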
Headers:
Return-Path: <revenueku82@iicbelgium.com>
Delivered-To: services@it-mate.co.uk
X-Spam-Flag: YES
X-Spam-Score: 8.476
X-Spam-Level: ********
X-Spam-Status: Yes, score=8.476 tagged_above=-9999 required=1.3
    tests=[BAYES_00=-1.9, FH_FAKE_RCVD_LINE=1.778,
    FORGED_MUA_OUTLOOK=1.927, FORGED_OUTLOOK_HTML=0.021,
    FORGED_OUTLOOK_TAGS=0.052, HK_RANDOM_FROM=0.999, HTML_MESSAGE=0.001,
    HTML_MIME_NO_HTML_TAG=0.377, HTML_NONELEMENT_30_40=0.001,
    MIME_HTML_ONLY=0.723, MIME_HTML_ONLY_MULTI=0.001,
    MISSING_MIMEOLE=1.899, MPART_ALT_DIFF=0.79, RCVD_DOUBLE_IP_SPAM=1.808,
    SPF_PASS=-0.001] autolearn=no
Received: from mail.mdmcommercial.com (mail.mdmcommercial.com [65.212.113.54])
    by mail4.emailconfig.com (Postfix) with ESMTP id 4B607398367
    for <services@it-mate.co.uk>; Fri, 9 Dec 2011 14:11:08 +0000 (GMT)
Message-ID: <BIZSSKOTQKLKBTZFODELFMIHZG9SrHPOO609002tchxqbox@madhuri.com>
From: "Iris Richey" <dutgbufyflnxbf@madhuri.com>
Reply-To: "Iris Richey" <dutgbufyflnxbf@madhuri.com>
To: <services@it-mate.co.uk>
Subject: [SPAM] Your Amazon.com order of "Omron WFB-387U Fat Loss ..." has
    shipped!
Date: Fri, 9 Dec 2011 09:11:38 -0500
X-Mailer: Microsoft Outlook Express 6.00.2462.0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="-----=2974_0591_72ZQJO398Y43.28BQ175EI"
X-Priority: 3
X-MSMail-Priority: Normal
Host: certerpen.info
IP: 91.195.11.42
IP PTR: Resolution failed
ASN: 43479 91.195.10.0/23 UKRNIC-AS Ukrstar
No surprises as far as the ASN goes, of course:
inetnum: 91.195.10.0 - 91.195.11.255
netname: UKRSTAR-NET
descr: UkrStar ISP
descr: www.ukrstar.com
country: UA
org: ORG-UA98-RIPE
admin-c: SER50-RIPE
tech-c: WIRE88-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-lower: RIPE-NCC-END-MNT
mnt-by: UKRNIC-MNT
mnt-routes: UKRNIC-MNT
mnt-domains: UKRNIC-MNT
source: RIPE # Filtered
organisation: ORG-UA98-RIPE
org-name: UkrStar
org-type: OTHER
descr: www.ukrstar.com
address: Dal'nitskaya 46, room 404
address: Odessa 65005
address: Ukraine
phone: +380482390190
fax-no: +380482324245
e-mail: noc@ukrstar.com
admin-c: SER50-RIPE
tech-c: WIRE88-RIPE
mnt-ref: GLOBALNETWORKS-MNT
mnt-by: GLOBALNETWORKS-MNT
source: RIPE # Filtered
person: Sanin Sergey Victorovich
address: Deribasovskaya str., 12
address: Odessa 65027
address: Ukraine
phone: +380487771551
e-mail: ser-0@clan-0.com
nic-hdl: SER50-RIPE
mnt-by: GLOBALNETWORKS-MNT
source: RIPE # Filtered
person: Grigoretskiy Sergey Aalexandrovich
org: ORG-UA98-RIPE
address: Dal'nitskaya str., 46, room 404
address: Odessa 65005
address: Ukraine
phone: +380482390190
e-mail: sg@ukrstar.com
nic-hdl: WIRE88-RIPE
mnt-by: GLOBALNETWORKS-MNT
source: RIPE # Filtered
:: Information related to '91.195.10.0/23AS43479'
route: 91.195.10.0/23
descr: UKRNIC-IP-BLOCK
origin: AS43479
mnt-by: UKRNIC-MNT
source: RIPE # Filtered
I've had a few more of the ACH ones with the JS MITMs too; this time, the domain housing the payload was:
Host: wonderfulwreath.com
IP: 46.45.137.205
IP PTR: 46-45-137-205.turkrdns.com
ASN: 42926 46.45.137.0/24 RADORE Radore Hosting Telekomunikasyon Hizmetleri San. ve Tic. Ltd. Sti.
References
Blackhole exploit: For those wondering, Part 3 - Fake Facebook e-mail
http://hphosts.blogspot.com/2011/12/blackhole-exploit-for-those-wondering_08.html
Blackhole exploit: For those wondering, Part 2
http://hphosts.blogspot.com/2011/12/blackhole-exploit-for-those-wondering_05.html
Blackhole exploit: For those wondering
http://hphosts.blogspot.com/2011/12/blackhole-exploit-for-those-wondering.html
Deobfuscate exploit kits using Malzilla
http://www.malwaredomainlist.com/forums/index.php?topic=4636