Westpac spam email – You have new notification

Malicious or spam emails are frequent, and they are one of the best ways to get a system or host infected.

Recently I received an email from one of the Big 4 banks of Australia – Westpac.

The very first thing was that I am not a customer, so it was definitely a phishing scam.

Actual Email

[Screenshots: email headers; Westpac email]

The actual email is a bit unprofessional. The URL ends with Bankingx. The email comes from west-pac@bbodyregistry.com.
Looking at the email headers, the originating IP address is Email headers also show the email came from IP The geolocation of both IP addresses is Kenya.

VirusTotal results: https://www.virustotal.com/en/ip-address/
The IP address does have a few malicious URLs detected previously.
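
The header checks described above (sender domain versus the brand in the display name, and the IP addresses in the relay chain) can be scripted for triage. This is an added example, not code from the original post: the sample headers are constructed and use documentation-range IP addresses, and treating westpac.com.au as the bank's legitimate domain is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: documentation-range IPs, not the values from the real email.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])
\tby inbox.recipient.example with ESMTP; Mon, 1 Jan 2018 10:00:05 +0000
Received: from mail.bbodyregistry.com (unknown [198.51.100.23])
\tby mx.recipient.example with ESMTP; Mon, 1 Jan 2018 10:00:03 +0000
Received: from [192.0.2.77] by mail.bbodyregistry.com with HTTP;
\tMon, 1 Jan 2018 10:00:01 +0000
X-Originating-IP: [192.0.2.77]
From: Westpac <west-pac@bbodyregistry.com>
To: user@recipient.example
Subject: You have new notification

body
"""

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_ips(msg):
    """First bracketed IP of each Received header, oldest hop first.
    Hops recorded before your own mail server can be forged by the sender."""
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        m = IPV4.search(hdr)
        if m:
            hops.append(m.group(1))
    return hops

def triage(raw, brand_domains):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    trusted = any(domain == d or domain.endswith("." + d) for d in brand_domains)
    # Display name uses the brand while the address sits on another domain
    claims_brand = any(d.split(".")[0] in display.lower() for d in brand_domains)
    x_orig = msg.get("X-Originating-IP", "").strip("[] ")
    return {"from_domain": domain,
            "spoofed_brand": claims_brand and not trusted,
            "hops": received_ips(msg),
            "x_originating_ip": x_orig or None}

if __name__ == "__main__":
    print(triage(SAMPLE, ["westpac.com.au"]))
```
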

Clicking on the URL in the email redirects to http://antoniahallcommunications.com/referrer/. The site is identified as a phishing attack by Google Chrome.

[Screenshot: Chrome phishing]

So I disabled the phishing and malware protection in the browser settings and accessed the site again. No signatures were triggered on Security Onion Snort. I received the following response:

[Screenshot: TCP stream]

The site resolves to ehub36.webhostinghub.com, a free web hosting service.

The site actually belongs to Antonia Hall, a publicist.

Below are the IOCs:

Conclusion:

I did not find anything malicious besides this being an unsuccessful attempt to get a user to click on a link. Also, the URL is not accessible anymore.
