
4/16/2014

PHISHING MAIL from:
www.med-equip.com.tn (IP: 193.95.93.62)
HTML:Script-inf

(THAILAND & TUNISIA)
"!Keep It Simple In The Bed retread"
gaecaoro@totbb.net



PHISHING SPAM & MALWARE:
HTML:Script-inf
ROGUE MEDICATIONS (THAILAND & TUNISIA)

DOMAIN:
http://www.med-equip.com.tn/
  • https://www.virustotal.com/de/url/b9fb02cf988d929e6a2c86e2570c607bf20bce182b931092f2afdb72cc30a153/analysis/1397659999/
HTML
  • https://www.virustotal.com/de/file/c6b1a536e10e685f7eb2e7875e1385070f1381d3c7142d6bf35cdd99f464baea/analysis/1397660454/
E-MAIL LINK:
http://www.med-equip.com.tn/geriforte.html
  • https://www.virustotal.com/de/url/403d17cc13d16d4f05fde4699d1fbb319c5aad5af693f5526c82a0d4558455e8/analysis/1397659995/
HTML:Script-inf
  • https://www.virustotal.com/de/file/af51c501f333a7a1c81a7e64f09850d249a22283e6731df4482a58bd9134838d/analysis/1395389479/
SCREENSHOT PHISHING MAIL
IP:
http://193.95.93.62/
  • https://www.virustotal.com/de/url/4842c7f2236d8e6fb467f709bf7833ffbd3907a913681c44dddb94a0ce54293b/analysis/1397662127/
  • https://www.virustotal.com/de/ip-address/193.95.93.62/information/
LISTED AT SPAMHAUS (SBL):
  • http://www.spamhaus.org/query/bl?ip=193.95.93.62
  • http://www.spamhaus.org/sbl/query/SBL204400
WEB-REP: POOR
EMAIL-REP: POOR
  • http://www.senderbase.org/lookup/?search_string=193.95.93.62
www.med-equip.com.tn/geriforte.html REDIRECTS TO:
http://triptabletspharmacy.ru/
  • https://www.virustotal.com/de/url/9a59b27ab7899a59763aed3092d887621a3a55c684227a7471fd05f2803da02d/analysis/1397661510/
IP triptabletspharmacy.ru:
http://107.182.164.141/
  • https://www.virustotal.com/de/url/ed96c08ef5482160f445fcd3665d2e8991ff0ba2a0f74d73c063227b5a59b89d/analysis/1397662386/
  • https://www.virustotal.com/de/ip-address/107.182.164.141/information/
  • http://www.senderbase.org/lookup/?search_string=107.182.164.141
SEE ALSO:
  • http://zulu.zscaler.com/submission/show/b6bc817a43647a0fa89d3e68a44e696b-1397660255
  • http://zulu.zscaler.com/submission/show/8d1a7645f4d5da4e722e8c11b95b4e9c-1397660264
  • https://urlquery.net/report.php?id=1397660035929
MAIL SENT "FROM":
http://totbb.net/
  • https://www.virustotal.com/de/url/dfc051bf8979828be83f9b5b0ffe9d372302dc7d88bb2aa8ebc289437bcd6a23/analysis/1397660871/
IP totbb.net:
http://203.113.9.20/
  • https://www.virustotal.com/de/url/c62bc82dab5ac1d2100e2fc5fc26972ca6bd86d8b55925645540eadeff8279f7/analysis/1397662629/
  • https://www.virustotal.com/de/ip-address/203.113.9.20/information/
ORIGINATING IP ADDRESS FROM MAIL:
http://111.84.115.252/
  • https://www.virustotal.com/de/url/9b7ee547d226d4fc171a124b383f6528b8308ad493efb984a6d9a0dd7a637440/analysis/
  • https://www.virustotal.com/de/ip-address/111.84.115.252/information/
LISTED AT SPAMHAUS (PBL):
  • http://www.spamhaus.org/query/bl?ip=111.84.115.252
EMAIL-REP: POOR
  • http://www.senderbase.org/senderbase_queries/detailip?search_string=111.84.115.252
