
5/04/2014

PHISHING SCAM !
Subject: The hottest sex positions in the world from:
wonder-save.de (IP: 46.137.116.197)



SPAM - SCAM - PHISHING DOMAIN
(MAIL THROUGH sexpositions@load-next.com)

http://www.wonder-save.de/
  • https://www.virustotal.com/de/url/4cbee3944f626152a7b0e565989dfcdfa97128d9e1661e8b2f881544bdcf38a7/analysis/1399057180/
HTML=LOOOOOOOLLL (Rattenscharfe Amateute am laufenden Band)
  • https://www.virustotal.com/de/file/d079714ab2586e4eb1d64bdea7ea0904160f2c848b0cb84b1c4040e82f79e501/analysis/1399057765/


BitDefender DOMAIN information: "This URL domain/host was seen to host badware at some point in time"


DOMAIN BLACKLISTED AT:
1) WOT
  • https://www.mywot.com/en/scorecard/wonder-save.de
2) SURBL
  • http://www.surbl.org/lists
3) JoeWein
  • http://www.joewein.net/
ADDITIONAL LINK:
http://www.wonder-save.de/o/e181067801c9b41237c8ca23126a2754c00befbb41d019e0470c71483874f92d
  • https://www.virustotal.com/de/url/2a9d116e843f5d5ca49d2b1e8fecb2be80998c6d79b9fccfeacd62a13a0f4ee3/analysis/1399063964/
HTMLSRC
  • https://www.virustotal.com/de/file/b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b/analysis/1398895856/
REDIRECTION TO --->
http://www.medusa.mx/open/e181067801c9b41237c8ca23126a2754c00befbb41d019e0470c71483874f92d
  • https://www.virustotal.com/de/url/d8053385191d602cccc3bde8afc22a3f99814f27d239f74787787b55b110a46f/analysis/
HTMLSRC
  • https://www.virustotal.com/de/file/b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b/analysis/1398895856/
DOMAIN:
http://www.medusa.mx/
  • https://www.virustotal.com/de/url/a451ede892082c712db5d49ed9152ed9bb0dd59aad190acb4be3d4d1320b8bfc/analysis/1399064361/
IP:
http://176.34.253.56/
  • https://www.virustotal.com/de/url/d4999bea2206837dff08b433a4c099eb794b7f1e3c5aafb7cad21895a2382f86/analysis/1399065373/
  • https://www.virustotal.com/de/ip-address/176.34.253.56/information/
REDIRECTS TO --->
http://newsletterabo.com/
  • https://www.virustotal.com/de/url/53fb33f8aea6cfadcd5fcaea7cf34509d2e95721acefa4058490a024d37eb9bd/analysis/1399064949/
IP:
http://62.129.143.124/
  • https://www.virustotal.com/de/url/753211dc1d21447d75875e36d3dd36c195078e99d32c3039c3dbee0232c96cd6/analysis/1399066574/
  • https://www.virustotal.com/de/ip-address/62.129.143.124/information/
LISTED AT SPAMHAUS (SBL):
  • http://www.spamhaus.org/query/bl?ip=62.129.143.124
Some 5000 SPAMVERTIZED DOMAINS ARE hosted HERE:
  • http://www.spamhaus.org/sbl/query/SBL112409
WEB-REP: POOR
EMAIL-REP: POOR
  • http://www.senderbase.org/lookup/?search_string=62.129.143.124
HTMLSRC
  • https://www.virustotal.com/de/file/ed3d4bf96a6e2c0c0f9ac7b27701b8dbab3fbfeb8078a3b4a847c1a797d8cd6d/analysis/1399064611/
SEE AS WELL:
  • http://sitecheck.sucuri.net/results/www.medusa.mx
  • http://sitecheck.sucuri.net/results/newsletterabo.com
-----------------------

MAIL SENT THROUGH:
http://load-next.com/
  • https://www.virustotal.com/de/url/7ac028fb0869d91755fb1a260da32b7189872856761e98b271bbf7c54283b670/analysis/1399061768/
  • https://www.virustotal.com/de/file/989e7a7c0680624b684c78468a1a1909c98a96dbce68c3a6d9a7d9122314aceb/analysis/1399061565/
  • https://www.virustotal.com/de/file/4ee70fe07827224c29f73047c71569c8fe740b370506cdd8b13e203a0ea5244d/analysis/1399061582/
IP:
http://95.130.125.232/ (AUSTRIA)
  • https://www.virustotal.com/de/url/e75688860b8f4224a5c62a7bfdb9c424a7a1e97e237eb40730d991c7d7e2ea42/analysis/1399063376/
  • https://www.virustotal.com/de/ip-address/95.130.125.232/information/
Fwd/Rev DNS Match: NO
  • http://www.senderbase.org/lookup/?search_string=95.130.125.232
-----------------------

IP:
http://46.137.116.197/
  • https://www.virustotal.com/de/url/1475cbe1f128f13cfbc44a6ef054af0e4edbfe87b1a881fcf912045eb62ab857/analysis/1399059664/
  • https://www.virustotal.com/de/ip-address/46.137.116.197/information/
