
12/23/2013

HAPPY CHRISTMAS: PHISHING, SCAM, SPAM URLs: www.isplifenet.com - 14-tataidc.co.in & several others

POTENTIALLY MALICIOUS SPAM, SCAM, PHISHING SITE:


DOMAIN(s):
www.isplifenet.com
  • https://www.virustotal.com/de/url/83a2bf1be9701c6883cec19cb12e72126c6b3aa094443aedc1e8228945860eac/analysis/1387450541/ 
unsubscribe.isplifenet.com
  • https://www.virustotal.com/de/url/a8b3138ffd14b3d2709266e6a93af77e439ad57160a6e1c53259207c0e2dc585/analysis/1387450543/
14-tataidc.co.in
  • https://www.virustotal.com/de/url/cebc38f55209a66ca7a399a9fd6b689a70adc70990f8899e16d441314ad4d953/analysis/1387450550/
  • https://www.virustotal.com/de/file/2ad60c60be6754ca7a727706a038a4c87f679f9f12de43f793977825693cfc4e/analysis/1387451422/
  • http://jsunpack.jeek.org/?report=8e333daedf51fd032e4cc5581052ec42a57ecc95
  • https://urlquery.net/report.php?id=8449364
THIS DOMAIN IS LISTED AT SPAMHAUS:
  • http://www.spamhaus.org/dbl/removal/record/14-tataidc.co.in
  • https://www.mywot.com/en/scorecard/14-tataidc.co.in
  • http://quttera.com/detailed_report/14-tataidc.co.in
---> REDIRECTS TO:
ww2.14-tataidc.co.in
  • https://www.virustotal.com/de/url/b95ff21454f1ebdb3fffce0fd71e2c8f6ce43fa8d2a602c6cb06998c9870b6bd/analysis/1387452324/
OTHER DOMAINS INVOLVED:
otnnetwork.net
  • https://www.virustotal.com/de/url/40635e98f9e9a3e150419d3af5671d4cfc7a51bc7c2fa58e80f2986782fad6fc/analysis/1387452535/
LISTED AT SURBL:
  • http://www.surbl.org/surbl-analysis
LISTED AT DNS-BH:
  • http://www.malwaredomains.com/
  • http://www.mywot.com/en/scorecard/otnnetwork.net
spi.domainsponsor.com
  • https://www.virustotal.com/de/url/f565870c0bacdea851e5571ee9f4440eb4f3aad0f2c0817195cf4ced3cf41e99/analysis/1387452634/
LISTED AT hpHosts:
  • http://hosts-file.net/?s=spi.domainsponsor.com
  • https://www.mywot.com/en/scorecard/spi.domainsponsor.com
p1.dntrck.com
  • https://www.virustotal.com/de/url/8afebde2e1a8a83b3837e6b1f14a5d734119f61d7f951af3f6a26c390547103e/analysis/1387452717/
  • https://www.mywot.com/en/scorecard/p1.dntrck.com
  • http://quttera.com/detailed_report/p1.dntrck.com
www.dntx.com
  • https://www.virustotal.com/de/url/f7cc059efe657567de6671f3f76727dabae4997d70a01bd53a0257de2e1833e9/analysis/1387452924/
LISTED AT hpHosts
  • http://hosts-file.net/?s=dntx.com
  • https://www.mywot.com/en/scorecard/dntx.com
gw1r.safeinternetads.com
  • https://www.virustotal.com/de/url/117639845a659c313fde22983a46e4488249b57da4bbf3aa6d3e402d4303d0c6/analysis/1387453084/
  • http://quttera.com/detailed_report/gw1r.safeinternetads.com
exclusiverewards.freegamesey.com (RBN 138)
  • https://www.virustotal.com/de/url/fba0ab5df6ddcb139fdc1eaad0ce0acc631ab5796e64e5a00553f452fd30b941/analysis/1387470817/
  • http://trafficlight.bitdefender.com/info?url=http://exclusiverewards.freegamesey.com
ocsp.thawte.com
  • https://www.virustotal.com/de/url/4ca0caf577326a1de1a2100716e7bd04082cb3d44ea6a233550e1fa9e9f975ea/analysis/1387453812/
  • https://www.mywot.com/en/scorecard/ocsp.thawte.com
vcgrn.trackvoluum.com
  • https://www.virustotal.com/de/url/ca0189815c4733156e39fdd3d4376a92ccbc30ec2292ee24c7d53857a7ae02b7/analysis/1387453892/
  • http://www.siteadvisor.com/sites/vcgrn.trackvoluum.com
rewardzone.bestasavingas.com
  • https://www.virustotal.com/de/url/2d1a7ceaf1bbd072ca6613a4995058067d16094453bf5092256f0a9e9bfbd816/analysis/
  • http://trafficlight.bitdefender.com/info?url=http://rewardzone.bestasavingas.com
static.rewardzone.bestasavingas.com
  • https://www.virustotal.com/de/url/89c5dff71d710c9a793758f9820ac563d53927984ee16ea3f5eb88adaf0e940a/analysis/1387481019/
  • http://trafficlight.bitdefender.com/info?url=http://static.rewardzone.bestasavingas.com
bidr.trellian.com
  • https://www.virustotal.com/de/url/33898ecfbb88e9e73f39497a79483b06600b9175c69e446dd3b08b7e5410c0a1/analysis/
  • https://www.mywot.com/en/scorecard/bidr.trellian.com
www.newbie-trading.com
  • https://www.virustotal.com/de/url/0fda33c577354dba8fafc0c69c37b3008522c1a814f9b1ce24f396348780c24c/analysis/1387456562/
r14---sn-aigllne7.googlevideo.com
  • https://www.virustotal.com/de/url/813c9d8a55d01af66b5973074ac14e2f0120a135dcfd2bc8ddba927162849b3f/analysis/1387456805/
r1---sn-uxap5nvoxg5-j2il.googlevideo.com
  • https://www.virustotal.com/de/url/b6a019f549cf20558481ace3f7691c9e9b79120bac589311034869c0bacfe5a0/analysis/1387457049/
-------------------------------------------
IPs ---> DOMAINs:

1)

14-tataidc.co.in: 69.43.160.163
  • https://www.virustotal.com/de/url/52e7d87c4cdf0ac9061883413b6155a0ab72a0a9001c103f4a615cbbe8290843/analysis/1387455602/
Bad Host Appearances: 3.601 Times
  • https://www.projecthoneypot.org/ip_69.43.160.163
  • https://www.virustotal.com/de/ip-address/69.43.160.163/information/
-------------------------------------------
2a)

ww2.14-tataidc.co.in: 208.73.210.82
  • https://www.virustotal.com/de/url/644a05a90a0ef4f3d7ef48811d4fb8dd47822e399e52f23e3dd10199632c004d/analysis/1387458238/
  • https://www.virustotal.com/de/ip-address/208.73.210.82/information/
HOSTNAME: searchportal.information.com
  • https://www.virustotal.com/de/url/e8f4eeba2dac3a5da0e0d47b8be9abe830eff7e5eb6a20436e41857ef9fc5874/analysis/1387458439/
DOMAIN: information.com
  • https://www.virustotal.com/de/url/e6f81a2bf160fc0b03d4a5f9b9bf20e8df1db9dcd7132afb032c74bd14c1709d/analysis/
NETWORK OWNER: oversee.net
  • https://www.virustotal.com/de/url/f15b51ff5adc0d4ef194cb4e8defc8d18ccb9fa99410505abfd57d42d7c82e49/analysis/1387458701/
  • http://www.senderbase.org/lookup/?search_string=208.73.210.82
2b)

information.com: 54.208.229.237
  • https://www.virustotal.com/de/url/83c3cfeebe61ec3c0f4e9357c4762fb71172e3521e56a397c888fb1843cffe70/analysis/1387466571/
  • https://www.mywot.com/en/scorecard/information.com
LISTED AT hpHosts:
  • http://hosts-file.net/?s=information.com
2c)

oversee.net: 204.13.160.53
  • https://www.virustotal.com/de/url/d79ba406a18021762f074ff83bf768c5b35e8b6cdb6eb6e11f7cb3ffa51f7159/analysis/1387467268/
  • https://www.mywot.com/en/scorecard/oversee.net
LISTED AT hpHosts
  • http://hosts-file.net/?s=oversee.net
-------------------------------------------
3)

otnnetwork.net: 208.73.210.16
  • https://www.virustotal.com/de/ip-address/208.73.210.16/information/
  • https://www.virustotal.com/de/url/23bfc10d15f39cfdd3790669b5c23acecb9f04b255ed30ceb16b2fd518148200/analysis/
-------------------------------------------
4)

spi.domainsponsor.com: 204.13.161.51
  • https://www.virustotal.com/de/url/f914c5a0ab5388332b89d0d89732474c01da6ed29231e13446198dc83bc647e6/analysis/1387468194/
  • https://www.virustotal.com/de/ip-address/204.13.161.51/information/
-------------------------------------------
5)

p1.dntrck.com: 107.23.206.187
  • https://www.virustotal.com/de/url/7ca8bad2dd427c3d5ee77a10b29af0da63025109fe63077b575801b9b4122fee/analysis/1387468593/
-------------------------------------------
6a)

www.dntx.com: 54.208.38.17
  • https://www.virustotal.com/de/url/e3593a49a17fbfd20b5a730aa801c440d4a3e8d8846bb6a2e399769225f56ec6/analysis/1387469091/
  • http://quttera.com/detailed_report/54.208.38.17
TCP connections: 54.208.38.17:443
  • https://www.virustotal.com/de/file/cb9c22b64d1f1af46600b38bc13eb3f760664ee2ba32cda399af1e1f0464fe28/analysis/
6b)

dntx.com: 62.116.130.8
  • https://www.virustotal.com/de/url/b7f1c044424b92c7dd2cca5e69e8ac13eacd532247760e7a02da04a76ce3ad19/analysis/1387469465/
  • https://www.virustotal.com/de/url/7c2b6eb64df33a6b3080764a920d6b05581284eda231cd8b567fb86b324e94a8/analysis/1387469524/
  • https://www.virustotal.com/de/ip-address/62.116.130.8/information/
Bad Host Appearances: 25
  • https://www.projecthoneypot.org/ip_62.116.130.8
-------------------------------------------
7a)

gw1r.safeinternetads.com: 128.204.198.72
  • https://www.virustotal.com/de/url/9dfd48f981ed367ce2506da0dd926a03aaeccf82616f3c11484200cf123b871e/analysis/1387470957/
Fwd/Rev DNS Match: No
  • http://www.senderbase.org/lookup/?search_string=128.204.198.72
HOSTNAME: hosted-by.snelis.com
  • https://www.virustotal.com/de/url/8aa229442adfec4cf273a588476bd1567221ce7ef5649b40d3e89103df1472e1/analysis/1387471794/
DOMAIN: snelis.com
  • https://www.virustotal.com/de/url/c33dba36b8e43bb4a6474f2ec0c3f5beefa68bc7ff5f2c7101b7639fcb10adcc/analysis/1387473209/
7b)

hosted-by.snelis.com: 5.104.225.6
  • https://www.virustotal.com/de/url/12e2db8537dd2fc3420f76ab3d76124e4d89ee90e8b2a8781135a0a8cdb36168/analysis/1387472807/
Web Reputation: Poor
  • http://www.senderbase.org/lookup/host/?search_string=hosted-by.snelis.com
LISTED AT DNS-BH
  • http://www.malwaredomains.com/
LISTED AT D-SHIELD.ORG
  • http://www.dshield.org/suspicious_domains.html#search
  • http://sitecheck.sucuri.net/results/hosted-by.snelis.com
7c)

snelis.com: 5.104.225.6
  • https://www.virustotal.com/de/url/12e2db8537dd2fc3420f76ab3d76124e4d89ee90e8b2a8781135a0a8cdb36168/analysis/1387472807/
  • http://sitecheck.sucuri.net/results/snelis.com
  • http://quttera.com/detailed_report/snelis.com
-------------------------------------------
8a)

exclusiverewards.freegamesey.com: 209.222.16.2
  • https://www.virustotal.com/de/url/e970941401a83d22b197e5b4b76977b1770e8ee762c50c1b89cb12ba9342eb65/analysis/
HOSTNAME: hosted-by.reliablesite.net
  • https://www.virustotal.com/de/url/530088ff7a44ced367de007cc63560634567a00901eee54101f431d868a72564/analysis/1387474609/
  • https://www.mywot.com/en/scorecard/hosted-by.reliablesite.net
DOMAIN: reliablesite.net
  • https://www.virustotal.com/de/url/2158f207cd2a11d253f129ed8fc21f96df30b8fe81be9b1d30b1c609241d0ed9/analysis/1387474851/
  • https://www.mywot.com/en/scorecard/reliablesite.net
NETWORK OWNER: www.choopa.com
  • https://www.virustotal.com/de/url/c2cc2e127f94daa6b89046f4cebdd76f35eaec21e7bcc9254268d38868caaaa1/analysis/1387475338/
8b)

www.choopa.com: 64.237.47.23
  • https://www.virustotal.com/de/url/daf9829742fcbf9d97f174ab13a4e05d773514d0de92ae9457aae73d3ddadc0b/analysis/1387476198/
  • https://www.virustotal.com/de/url/0a1c21aae102da150159cfdf88ec0a25416953d8101424458127404cf904a1c1/analysis/
  • https://www.virustotal.com/de/ip-address/64.237.47.23/information/
  • http://quttera.com/detailed_report/64.237.47.23
SEE ALSO: https://www.mywot.com/en/scorecard/choopa.com
-------------------------------------------
9)

ocsp.thawte.com: 199.7.48.72
  • https://www.virustotal.com/de/url/407a618a010795872671e7a882fe2ad4939b68fd484a6edacbb3e718bb4f1081/analysis/1387477362/
-------------------------------------------
10)

vcgrn.trackvoluum.com: 54.246.173.202
  • https://www.virustotal.com/de/url/c3f8254938a5999138732c602604aa59ff42ee85193f54cbed9424c310383f63/analysis/1387478173/
-------------------------------------------
11a)

rewardzone.bestasavingas.com: 217.23.2.245
  • https://www.virustotal.com/de/url/cdc35a39e44632a1f3e89ce415a28b27ca2335e3ef7ebb99543c8621f21c02da/analysis/1387478662/
HOSTNAME: customer.worldstream.nl
  • https://www.virustotal.com/de/url/fa690a6ef35209ef852a20f696f7750bc498ea5f5fe252c0d00b1bebf724a2a0/analysis/1387478901/
  • https://www.mywot.com/en/scorecard/customer.worldstream.nl
DOMAIN: worldstream.nl
  • https://www.virustotal.com/de/url/8ac640f4649ae042143c9749c3924ba6c42f2f19ced19b515ae92f20fc27cfc1/analysis/1387479250/
LISTED AT DNS-BH
  • http://www.malwaredomains.com/
  • https://www.mywot.com/en/scorecard/worldstream.nl
  • http://quttera.com/detailed_report/worldstream.nl
Web Reputation: Poor
  • http://www.senderbase.org/lookup/domain/?search_string=worldstream.nl
11b)

worldstream.nl: 93.190.136.5
  • https://www.virustotal.com/de/url/539941b2536aaeb29e40558a97f30e5b1b4c7aebec741d83bcc3947dfad94c7b/analysis/1387480350/
  • https://www.virustotal.com/de/ip-address/93.190.136.5/information/
  • http://quttera.com/detailed_report/93.190.136.5
  • https://www.mywot.com/en/scorecard/93.190.136.5
-------------------------------------------
12)

static.rewardzone.bestasavingas.com: 198.105.212.101
  • https://www.virustotal.com/de/url/cd347941677fae5e62953894293718fea6475c9e98097ce8ab8f25d074022d3c/analysis/1387481172/
-------------------------------------------
13)

bidr.trellian.com: 69.43.160.215
  • https://www.virustotal.com/de/url/53bf7c6c15f0950bc94b1c783edfc9b20a34219e7eb96d2665c81d735f76a4f8/analysis/1387481732/
  • https://www.virustotal.com/de/ip-address/69.43.160.215/information/
DOMAIN: trellian.com
  • https://www.virustotal.com/de/url/65d93b29c209a0879bf92e3eae289910a89fa06fbd61906dd66c719a913c73ec/analysis/1387481893/
LISTED AT hpHosts
  • http://hosts-file.net/?s=trellian.com
  • http://quttera.com/detailed_report/69.43.160.215
  • https://www.mywot.com/en/scorecard/trellian.com
IP: trellian.com: 69.43.160.5
  • https://www.virustotal.com/de/url/7b46d2ac80262cf01a5b8cca1c60ee03c63bc818c0c1f8f340b2c689068017fb/analysis/1387482135/
-------------------------------------------
14)

www.newbie-trading.com: 213.175.203.194
  • https://www.virustotal.com/de/url/cdf2257ff6af306f523439638ceb9c59025dd39e7acf88a864f54f09470b0837/analysis/1387482490/
-------------------------------------------
15)

r14---sn-aigllne7.googlevideo.com: 74.125.4.179
  • https://www.virustotal.com/de/url/ca40378c40c566e293fc9d5308d4e319d6f600245c384d5fd8c3b6bdc386aa89/analysis/1387484517/
-------------------------------------------
16)

r1---sn-uxap5nvoxg5-j2il.googlevideo.com: 80.239.174.108
  • https://www.virustotal.com/de/url/3506588a00db2e39fe2545dfd9858ad437aed440a99a7083120cd936d1877ca3/analysis/1387484783/
HOSTNAME: 80-239-174-108.customer.teliacarrier.com
  • https://www.virustotal.com/de/url/078b51d98008fdf0de705e16c2fe3c55f43bba1e577af6bfb04a9bfc147e6136/analysis/1387485014/
  • http://trafficlight.bitdefender.com/info?url=http://80-239-174-108.customer.teliacarrier.com
DOMAIN: customer.teliacarrier.com
  • https://www.virustotal.com/de/url/b78c2d9cc6f5e2c7cca0b9b84cf656a08087f8ec96ca716b51b0dd709a544728/analysis/1387484867/
  • http://trafficlight.bitdefender.com/info?url=http://customer.teliacarrier.com
 

SCREENSHOT



Header Analysis Quick Report
Originating IP: 13.11.20.22
Originating ISP: Xerox Corporation
City: Norwalk
Country of Origin: United States
