Malicious or spam emails are frequent but one of the best ways to get a system/host infected.
Recently I received an email from one of the Big 4 banks of Australia – Westpac.
Very first thing was I am not a customer so definitely it was a phishing scam.
Actual Email
Actual email is a bit unprofessional. The URL is ending with Bankingx. Email is coming from west-pac@bbodyregistry.com.
Looking at the email headers the originating IP address is 41.57.96.54. Email headers also shows the email came from IP 197.232.31.99. Geo location of both IP address is Kenya.
Virustotal results : https://www.virustotal.com/en/ip-address/41.57.96.54/information/
IP Address does have few malicious URL’s detected previously.
Clicking on the URL in the email it re-directs to http://antoniahallcommunications.com/referrer/. The site is identified as Phishing attack by Google Chrome.
So disabled the phishing and Malware protection from the browser settings and access the site again. No signatures were triggered on Security Onion Snort. Received following response :
The site resolves to 198.46.82.80 – ehub36.webhostinghub.com – a free webhosting.
The site actually belongs to Antonia Hall a publicist.
Below are the IOC’s:
197.232.31.99
41.57.96.54
bbodyregistry.com
Conclusion :
I did not find anything malicious besides this being a unsuccessful attempts for a user to click on a link. Also, the URL is not accessible anymore.