These sites are hosted on 184.108.40.206 (Dataclub, Latvia). I can’t see anything at all of value in 220.127.116.11/21 so blocking access to all of that range might be prudent.
It also attempts to load an exploit from a site called bbb-complains.org which is not resolving at present.
A couple of example emails:
Attention: Accounting Department
This message includes an important information regarding the ACH debit transfer sent on your behalf, that was detained by our bank:
Transaction ID: 079788807282357
Transaction status: pending
In order to resolve this matter, please use the link below to review the transaction details as soon as possible.

Dear Sir or Madam,
Please find below a report about the ACH debit transfer sent on your behalf, that was kept back by our bank:
Transaction #: 638798200851317
Status of the transaction: pending
In order to resolve this matter, please review the transaction details using the link below as soon as possible.