Two fake FedEx campaigns today, with a format similar to the one found here but with different payload sites of dushare.net and gsigallery.net
In the first case, the malicious payload is at [donotclick]dushare.net/main.php?page=c82ec1c8d6998cf0 (report here) hosted on 18.104.22.168 (G Mobile, Mongolia). In the second case the payload is at [donotclick]gsigallery.net/main.php?page=2bfd5695763b6536 (report here) also hosted on 22.214.171.124.
The following domains are on the same server and should also be treated as being suspect.
Leave a reply