Wednesday, July 21, 2010

blogspot.com and multiply.com serve zbot's eCard

Zbot is diversifying its strategy and is now targeting the blogspot and multiply social networking tools to spread the malware.



The message on the website reads:

You have received an Greeting eCard
Good day.
You have received an eCard

To pick up your eCard, choose from any of the following options:
Click on the following link (or copy & paste it into your web browser):

http://theorionfund.org/ecard.exe

Your card will be aviailable for pick-up beginning for the next 30 days.
Please be sure to view your eCard before the days are up!

We hope you enjoy you eCard.

Thank You!


A few websites were identified hosting a similar scam.



Malware samples:
hxxxp://passmc.com/ecard.exe
hxxxp://theorionfund.org/ecard.exe VT (11/42)
hxxxp://westinghouse-ueo.net/card.exe VT (12/42)
hxxxp://laxus.com.br/ecard.exe VT (27/42)
hxxxp://onlinehom.com/ecard.exe
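
A defender-side check for this lure pattern, as an added example that is not part of the original post: it flags text that mentions an eCard and links directly to an executable, and it accepts the defanged hxxxp scheme used in this post. The sample texts, the `.example` hosts and the extensions other than `.exe` are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Accept live schemes and the defanged forms used in reports (hxxp, hxxxp).
URL_RE = re.compile(r"\b(?:https?|hxx+ps?)://[^\s<>\"']+", re.IGNORECASE)
# Only .exe appears in the post; the other extensions are an assumption.
EXEC_EXT = (".exe", ".scr", ".pif")
LURE_RE = re.compile(r"\be-?card\b|\bgreeting\b", re.IGNORECASE)


def refang(url):
    """Turn hxxp/hxxxp back into http so urlsplit can parse the URL."""
    return re.sub(r"^hxx+p", "http", url, flags=re.IGNORECASE)


def executable_links(text):
    """Return (host, filename) for each link whose path ends in an executable name."""
    hits = []
    for raw in URL_RE.findall(text):
        # Drop sentence punctuation that the regex may have swallowed.
        parts = urlsplit(refang(raw.rstrip(".,)")))
        # Use only the path, so a query string cannot hide the extension.
        name = parts.path.rsplit("/", 1)[-1].lower()
        if name.endswith(EXEC_EXT):
            hits.append((parts.hostname, name))
    return hits


def is_ecard_lure(text):
    """True when eCard wording is combined with a direct link to an executable."""
    return bool(LURE_RE.search(text)) and bool(executable_links(text))


# Constructed samples modelled on the message above; hosts are placeholders.
SAMPLE_LURE = """You have received an eCard
To pick up your eCard, click on the following link:
hxxxp://ecards.example/ecard.exe
"""
BENIGN_CARD = "Your greeting eCard is ready: https://cards.example/view?id=1234"

if __name__ == "__main__":
    for label, text in (("lure", SAMPLE_LURE), ("benign", BENIGN_CARD)):
        print(label, is_ecard_lure(text), executable_links(text))
```
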



IP Address: 167.142.226.220



IP Address: 207.58.144.202



IP Address: 69.73.145.159



IP Address: 187.45.195.15



IP Address: 76.74.238.171

