Date: Mon, 5 Nov 2012 12:54:44 +0530
From: Declan Benjamin via LinkedIn [[email protected]]
Subject: Wire Transfer Confirmation (FED 27845UL095)
Your Wire Transfer Amount: USD 85,714.01
Wire Transfer Report: View
The Federal Reserve Wire Network
Thanks for paying with PayPal.
We congratulate you with your first Paypal money transfer. But we have hold it for the moment because the amount is over the security borders of our rules.
Here is what we have on file for you. Take a second to confirm we have your correct information.
Amount: 27380.54 $
Reciever: Gracia Cooley
E-mail: [email protected][redacted].com
Help Center | Security Center
Please don’t reply to this email. It’ll just confuse the computer that sent it and you won’t get a response.
Copyright 2012 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131.
PayPal Email ID PP6118
The malicious payload in both cases is [donotclick]forumibiza.ru:8080/forum/links/column.php hosted on the following IPs:
188.8.131.52 (RimuHosting, US)
184.108.40.206 (Universiti Putra, Malaysia)
220.127.116.11 (MYREN, Malaysia)
Leave a reply