Westpac spam email – You have new notification

Malicious and spam emails are common, and they remain one of the most effective ways to get a system or host infected.

Recently I received an email purporting to come from Westpac, one of the Big 4 banks of Australia.

The very first giveaway: I am not a Westpac customer, so this was definitely a phishing scam.

Actual Email

[Screenshots: email headers; Westpac email]

The email itself looks unprofessional. The URL ends in "Bankingx", and the sender address is west-pac@bbodyregistry.com, which is not a Westpac domain.
Looking at the email headers, the originating IP address is 41.57.96.54, and the message also passed through 197.232.31.99. Both IP addresses geolocate to Kenya.
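The header triage above (walk the Received chain to find the originating hop, compare the claimed sender brand with the actual sending domain, pull the links out of the body) can be scripted. The following is an added example written for this post, not the author's code or a tool from the post. The sample message is constructed: only the two Kenyan IPs, the sender address and the "Bankingx" URL ending come from the post; the relay hostnames, dates, receiving server, link host and the list of legitimate Westpac domains are assumptions.

```python
import re
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the message described in this post. Only the
# two IPs, the sender address and the "Bankingx" URL ending are from the post;
# hostnames, dates, the receiving server and the link host are assumed.
SAMPLE_EMAIL = """\
Received: from relay.bbodyregistry.com ([197.232.31.99])
        by mx.receiver.example with ESMTP; Tue, 1 Sep 2015 10:21:05 +0000
Received: from [41.57.96.54] (unknown [41.57.96.54])
        by relay.bbodyregistry.com with SMTP; Tue, 1 Sep 2015 10:20:59 +0000
From: "Westpac" <west-pac@bbodyregistry.com>
Return-Path: <west-pac@bbodyregistry.com>
Subject: You have new notification
Content-Type: text/plain; charset=utf-8

You have new notification. Please review it at
http://bbodyregistry.com/online/Bankingx
"""

# Domains the brand really sends from. Assumed list; maintain it yourself.
LEGIT_DOMAINS = {"westpac": {"westpac.com.au"}}

IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
URL = re.compile(r"https?://[^\s<>\"']+")


def received_ips(msg):
    """Return one IP per Received header, top (nearest to us) to bottom.

    Each relay prepends its own Received line, so the bottom-most entry is the
    claimed originating host. Anything below the hop written by your own mail
    server was supplied by the sender and can be forged.
    """
    ips = []
    for hdr in msg.get_all("Received", []):
        for cand in IPV4.findall(hdr):
            try:
                ipaddress.IPv4Address(cand)
            except ValueError:
                continue  # e.g. "300.1.2.3" or a dotted version string
            ips.append(cand)
            break  # the first IP in a Received line is the sending host
    return ips


def brand_spoof(msg, brands=LEGIT_DOMAINS):
    """Return the brand name if From: claims a brand the sending domain does not own."""
    name, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.rpartition("@")
    # Normalise "west-pac" / "West Pac" / "Westpac" to "westpac" before matching.
    claimed = re.sub(r"[^a-z0-9]", "", (name + local).lower())
    for brand, domains in brands.items():
        if brand in claimed and domain.lower() not in domains:
            return brand
    return None


def extract_urls(msg):
    """Collect http(s) URLs from every text/* part of the message."""
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        urls.extend(URL.findall(text))
    return urls


def analyse(raw):
    msg = message_from_string(raw)
    ips = received_ips(msg)
    return {
        "hops": ips,
        "originating_ip": ips[-1] if ips else None,
        "spoofed_brand": brand_spoof(msg),
        "urls": extract_urls(msg),
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_EMAIL).items():
        print(f"{key}: {value}")
```

Feed it the raw source of a suspicious message (most mail clients offer "show original" or "view source") and then look up the returned IPs and URLs in VirusTotal or a geolocation service, as the post does by hand. Treat the bottom Received hop as a claim, not a fact: only the hops added by mail servers you trust are reliable.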

VirusTotal results: https://www.virustotal.com/en/ip-address/41.57.96.54/information/
VirusTotal shows a few malicious URLs previously associated with this IP address.

Clicking the URL in the email redirects to http://antoniahallcommunications.com/referrer/. Google Chrome flags the site as a phishing page.

[Screenshot: Chrome phishing warning]

I then disabled the browser's phishing and malware protection and accessed the site again (something to do only from an isolated analysis host). No signatures were triggered on Security Onion's Snort. The TCP stream showed the following response:

[Screenshot: TCP stream]

The site resolves to 198.46.82.80 (ehub36.webhostinghub.com), a shared web-hosting provider.

The site itself belongs to Antonia Hall, a publicist, so this looks like a legitimate site that was most likely compromised to host the redirect.

Below are the IOCs:

197.232.31.99
41.57.96.54
bbodyregistry.com
http://antoniahallcommunications.com/referrer/ (compromised legitimate site hosting the redirect)

Note that 198.46.82.80 is a shared hosting IP serving many unrelated sites, so it is not a useful indicator on its own.

Conclusion :

I did not find anything malicious beyond an unsuccessful attempt to get a user to click on a link. The URL is also no longer accessible.
