Showing posts with the label Category PHISHING MAIL.

5/21/2014

Snowshoe Spam & PHISHING from
hintcontrol.com

"Recevez vos 2222Eur de B0nus" ("Receive a 2222 Euro Bonus")
Hamilton, CANADA IP: 68.66.63.47 (Listed at SPAMHAUS)


Receive your 2222€ welcome bonus now!

On top of that, we offer special free bonuses.

Here is how to receive your 2222€:

• Open an account

• Go to the live chat by clicking here and enter the following code: 2222

• Select a game you would like to play from the available options

• You have 48 hours to claim the bonus

Contact us to claim your 2222€.

The friendly support team is available 24/7.

Be quick - this offer is valid for a limited time only!

Regards,
John F.

MAIL SCREENSHOT
 --------------------------------------------------------------------------------------------------------------------------------------------

PHISHING, SPAM & SCAM DOMAIN:
http://hintcontrol.com/
  • https://www.virustotal.com/de/url/d08035f592b89fcc08f095f6223461b8398777c25df0021def4233588d6d0577/analysis/1400676550/
OTHER LINKS IN THE MAIL:
http://hintcontrol.com/link.php
  • https://www.virustotal.com/de/url/a4e0ade9db3e028e094bf4969ce3b7cb80783d9d3f6ecf1478f780aae2dc235c/analysis/1400676704/
  • https://www.virustotal.com/de/file/22fc373d3b3ab36009613adfd7bb60f7135a4f510aa31808856e721dd5799d0c/analysis/1391621840/
http://hintcontrol.com/open.php
  • https://www.virustotal.com/de/url/7da87cb951f0d660fc77ec4729444510a0306b278147b9baeef07553f0b39f58/analysis/1400676746/
  • https://www.virustotal.com/de/file/dd5bdccb831d1b19c505bd3e67553f6049cea2e20dba7eb231a02ed0103e521f/analysis/1400396318/
http://hintcontrol.com/unsubscribe.php
  • https://www.virustotal.com/de/url/4b68e4d1860ce9b98bbf19294b988dede6aa7c34ef59a64241698795940def92/analysis/1400676787/
  • https://www.virustotal.com/de/file/fb18ec2dc45858efd8a69d17873eb1a92801a4af8e6b6a44b03e9e7a69d11ffd/analysis/1391621799/
BLACKLISTS:
  • http://www.spamhaus.org/query/domain/hintcontrol.com
  • https://www.mywot.com/en/scorecard/hintcontrol.com
  • http://www.surbl.org/lists
  • http://zulu.zscaler.com/submission/show/4e639b2311aa3e474bcb1eba327a1e3a-1400676384
DOMAIN-IP (ANALYSIS MOMENT):
http://68.66.63.47/
  • https://www.virustotal.com/de/url/fc053947e300bbe62a101a18295c553058b0ff9912a9c414cb539a19f512d509/analysis/1400677067/
  • https://www.virustotal.com/de/ip-address/68.66.63.47/information/
SNOWSHOE SPAM BLACKLISTED AT:
  • http://www.spamhaus.org/query/bl?ip=68.66.63.47
  • http://www.spamhaus.org/sbl/query/SBL218662
  • http://www.spamhaus.org/sbl/listings/networxhosting.com
  • http://networxhosting.com/
  • https://www.virustotal.com/de/url/7d49824dde2a6c1f3bf7794240fb4638a87c1c1e420a2a65720a791662f96543/analysis/1400677424/
  • http://www.senderbase.org/lookup/?search_string=68.66.63.47
  • http://zulu.zscaler.com/submission/show/ec6dd530622db7ec31301159b81b7e9c-1400676906
MAIL ORIGINATING IP(s):
http://14.4.22.14/ (SOUTH KOREA)
  • https://www.virustotal.com/de/url/b4587224cb226aefacab1ed4e70d2e0695db607469fdb4c0f5c2084182957e5b/analysis/1400677788/
LISTED AT SPAMHAUS (SBL & DROP)
  • http://www.spamhaus.org/query/ip/14.4.22.14
  • http://www.spamhaus.org/sbl/query/SBL187947
  • http://www.senderbase.org/lookup/?search_string=14.4.22.14
http://68.66.63.122/
  • https://www.virustotal.com/de/url/379fe4b9d56b57279031e9cf4f00f5452269914c30abdc837c567845c0dd49cb/analysis/1400678183/
LISTED AT SPAMHAUS (SBL):
  • http://www.spamhaus.org/query/bl?ip=68.66.63.122
  • http://www.spamhaus.org/sbl/query/SBL218662
  • http://www.senderbase.org/lookup/?search_string=68.66.63.122

IP RANGE INCLUDES THE FOLLOWING BLACKLISTED DOMAINS (IPs):

5/15/2014

BAD DOMAIN
adr-design-ol.com
PLUS Malicious IPs:
14.4.16.3 - 181.174.168.6 - 181.174.168.81

SPAM, SCAM, PHISHING DOMAIN: Snowshoe Spam Operation

Hi
How many times an hour do you click the mouse button in your browser?
I bet it's hundreds and hundreds of times!
Don't tell anyone, but there is a very cool way to make money 83% of the time by clicking that button just as you are doing right now.
The average earnings with this software have been 106€/hour since November 2013.
I tested it myself for 7 months when Veronique recommended it to me, and it really is incredible!
Take a few minutes of your time, switch off your phone and watch the whole video; everything is explained in it.
==> Link here

SCREENSHOT PHISH MAIL
SPAM, SCAM, PHISHING DOMAIN: Snowshoe Spam Operation
http://adr-design-ol.com/
  • https://www.virustotal.com/de/url/2b72114a732cd699f581e06564480300a8e302d06bfcccbce7ac8166cabd8fa4/analysis/1400167170/
http://adr-design-ol.com/link.php
  • https://www.virustotal.com/de/url/37c07091a8879066a884f332cd885e019cafd2b99790b2f11bdc80e3ef9442b6/analysis/1400167420/
  • https://www.virustotal.com/de/file/22fc373d3b3ab36009613adfd7bb60f7135a4f510aa31808856e721dd5799d0c/analysis/1391621840/

http://adr-design-ol.com/unsubscribe.php
  • https://www.virustotal.com/de/url/11c22e4e1090edcf585d900f1dd4dffdc8a44ed6ed8783daf7a62ec4bc6c0d6f/analysis/1400167493/
  • https://www.virustotal.com/de/file/fb18ec2dc45858efd8a69d17873eb1a92801a4af8e6b6a44b03e9e7a69d11ffd/analysis/1391621799/

http://adr-design-ol.com/open.php
  • https://www.virustotal.com/de/url/6c2dbb922e3e30f2a112a725319a00d259a8507e3c31126f530f0e2704f4dce6/analysis/1400167554/
  • https://www.virustotal.com/de/file/dd5bdccb831d1b19c505bd3e67553f6049cea2e20dba7eb231a02ed0103e521f/analysis/1399916678/
SITE LISTED AT WOT & SURBL:
  • https://www.mywot.com/en/scorecard/adr-design-ol.com
  • http://www.surbl.org/lists
  • http://zulu.zscaler.com/submission/show/2a4986454e03241629220d8e376781b9-1400167304
ORIGINATING IPs:
http://14.4.16.3/
  • https://www.virustotal.com/de/url/666d33f841a4e4c68a52e81a9141ea242811e09efcf13f6cecf461500af3a310/analysis/1400167686/
LISTED AT SPAMHAUS (SBL & DROP)
  • http://www.spamhaus.org/query/bl?ip=14.4.16.3
  • http://www.spamhaus.org/sbl/query/SBL187947
  • http://www.senderbase.org/senderbase_queries/detailip?search_string=14.04.16.03

http://181.174.168.6/
  • https://www.virustotal.com/de/url/63c86d785b7b16c99eb6fb4aca044191870a6b15de26cb708870377346a8b7d3/analysis/1400168023/
LISTED AT SPAMHAUS (SBL) Snowshoe Spam Operation
  • http://www.spamhaus.org/query/bl?ip=181.174.168.6
  • http://www.spamhaus.org/sbl/query/SBL217862
  • http://www.senderbase.org/lookup/?search_string=181.174.168.6
http://181.174.168.81/
  • https://www.virustotal.com/de/url/3df9b921c5e89393664e0be0cfc58137e2396acaf30688aad56f12a79daaeff6/analysis/1400168541/
LISTED AT SPAMHAUS (SBL) Snowshoe Spam Operation
  • http://www.spamhaus.org/query/bl?ip=181.174.168.81
  • http://www.spamhaus.org/sbl/query/SBL217862
  • http://www.senderbase.org/lookup/?search_string=181.174.168.81

5/04/2014

PHISHING SCAM !
Subject: The hottest sex positions in the world from:
wonder-save.de (IP: 46.137.116.197)



SPAM - SCAM - PHISHING DOMAIN
(MAIL THROUGH sexpositions@load-next.com)

http://www.wonder-save.de/
  • https://www.virustotal.com/de/url/4cbee3944f626152a7b0e565989dfcdfa97128d9e1661e8b2f881544bdcf38a7/analysis/1399057180/
HTML=LOOOOOOOLLL (Red-hot amateurs non-stop)
  • https://www.virustotal.com/de/file/d079714ab2586e4eb1d64bdea7ea0904160f2c848b0cb84b1c4040e82f79e501/analysis/1399057765/


BitDefender DOMAIN information: "This URL domain/host was seen to host badware at some point in time"


DOMAIN BLACKLISTED AT:
1) WOT
  • https://www.mywot.com/en/scorecard/wonder-save.de
2) SURBL
  • http://www.surbl.org/lists
3) JoeWein
  • http://www.joewein.net/
ADDITIONAL LINK:
http://www.wonder-save.de/o/e181067801c9b41237c8ca23126a2754c00befbb41d019e0470c71483874f92d
  • https://www.virustotal.com/de/url/2a9d116e843f5d5ca49d2b1e8fecb2be80998c6d79b9fccfeacd62a13a0f4ee3/analysis/1399063964/
HTMLSRC
  • https://www.virustotal.com/de/file/b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b/analysis/1398895856/
REDIRECTION TO --->
http://www.medusa.mx/open/e181067801c9b41237c8ca23126a2754c00befbb41d019e0470c71483874f92d
  • https://www.virustotal.com/de/url/d8053385191d602cccc3bde8afc22a3f99814f27d239f74787787b55b110a46f/analysis/
HTMLSRC
  • https://www.virustotal.com/de/file/b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b/analysis/1398895856/
DOMAIN:
http://www.medusa.mx/
  • https://www.virustotal.com/de/url/a451ede892082c712db5d49ed9152ed9bb0dd59aad190acb4be3d4d1320b8bfc/analysis/1399064361/
IP:
http://176.34.253.56/
  • https://www.virustotal.com/de/url/d4999bea2206837dff08b433a4c099eb794b7f1e3c5aafb7cad21895a2382f86/analysis/1399065373/
  • https://www.virustotal.com/de/ip-address/176.34.253.56/information/
REDIRECTS TO --->
http://newsletterabo.com/
  • https://www.virustotal.com/de/url/53fb33f8aea6cfadcd5fcaea7cf34509d2e95721acefa4058490a024d37eb9bd/analysis/1399064949/
IP:
http://62.129.143.124/
  • https://www.virustotal.com/de/url/753211dc1d21447d75875e36d3dd36c195078e99d32c3039c3dbee0232c96cd6/analysis/1399066574/
  • https://www.virustotal.com/de/ip-address/62.129.143.124/information/
LISTED AT SPAMHAUS (SBL):
  • http://www.spamhaus.org/query/bl?ip=62.129.143.124
Some 5000 SPAMVERTIZED DOMAINS ARE hosted HERE:
  • http://www.spamhaus.org/sbl/query/SBL112409
WEB-REP: POOR
EMAIL-REP: POOR
  • http://www.senderbase.org/lookup/?search_string=62.129.143.124
HTMLSRC
  • https://www.virustotal.com/de/file/ed3d4bf96a6e2c0c0f9ac7b27701b8dbab3fbfeb8078a3b4a847c1a797d8cd6d/analysis/1399064611/
SEE AS WELL:
  • http://sitecheck.sucuri.net/results/www.medusa.mx
  • http://sitecheck.sucuri.net/results/newsletterabo.com
-----------------------

MAIL SENT THROUGH:
http://load-next.com/
  • https://www.virustotal.com/de/url/7ac028fb0869d91755fb1a260da32b7189872856761e98b271bbf7c54283b670/analysis/1399061768/
  • https://www.virustotal.com/de/file/989e7a7c0680624b684c78468a1a1909c98a96dbce68c3a6d9a7d9122314aceb/analysis/1399061565/
  • https://www.virustotal.com/de/file/4ee70fe07827224c29f73047c71569c8fe740b370506cdd8b13e203a0ea5244d/analysis/1399061582/
IP:
http://95.130.125.232/ (AUSTRIA)
  • https://www.virustotal.com/de/url/e75688860b8f4224a5c62a7bfdb9c424a7a1e97e237eb40730d991c7d7e2ea42/analysis/1399063376/
  • https://www.virustotal.com/de/ip-address/95.130.125.232/information/
Fwd/Rev DNS Match: NO
  • http://www.senderbase.org/lookup/?search_string=95.130.125.232
-----------------------

IP:
http://46.137.116.197/
  • https://www.virustotal.com/de/url/1475cbe1f128f13cfbc44a6ef054af0e4edbfe87b1a881fcf912045eb62ab857/analysis/1399059664/
  • https://www.virustotal.com/de/ip-address/46.137.116.197/information/

4/27/2014

SPAM - SCAM - PHISHING MAIL from:
www.redcappi.com & b-unitd.com
LANSING, MICHIGAN, United States

"Re: Ihre Bestellung" ("Re: Your order")
rechtsanwalt.maiers@gmail.com



First take a look at this post, also from redcappi.com

http://stayaway2.blogspot.com/2014/04/zdf-eiltachtungschockierende-meldung.html

Latest Redcappi Mail Screenshot

ATTENTION! Special newsletter!

You have not placed an order with us, but like 97.2% of our readers you will after this mail!

Touching story brings the host of "Raus aus den Schulden" to tears!

Unemployed and more than 130,000 euros in debt

This man changed his life and earns up to 263.69 euros a day with this system!

Soon from heavy debt to riches? RTL2 tested it live on TV

The hosts were amazed! You can do it too! And absolutely FREE!

But there is a catch! Unfortunately, this patent is strictly limited.

Because the patent holder has sold this system to a US bank!

Only those who register in time may use the system free of charge for life!

Quickly watch the video that will change your life!

CLICK HERE FOR THE VIDEO

If the link does not work, please copy the domain into your browser:
http://b-unitd.com/9uw 
----------------------------------------------------------------------------------------------------------------------------------------------
http://www.redcappi.com/
  • https://www.virustotal.com/de/url/67dc853cd6c065dae93edf295021f261c0c3a2b181cdd28f6780119554a3cfca/analysis/1398617170/

http://b-unitd.com/9uw
  • https://www.virustotal.com/de/url/3ac985b1b94ecb91cfe388eea0255b6e5f053b72f4648f5f990c9806fbcd9fc2/analysis/

URL after redirects
http://www.projekt95pro.com/?campaign=6739&ft=1&p=jsbfaeyJhIjoiMTAwODg4IiwiYyI6IjEzOTg2MTczMjU0OTgzNzE1MzUiLCJ4IjoicmVkY2FwcGkzMS4wMy4xNC1BZHJlc3NidXRsZXIifQ==
  • https://www.virustotal.com/de/url/6982efa0dcb5cb5914627017685691708d026cca3f3f4430ddf00e8d8a38d5fc/analysis/


OTHER PARTICULAR LINKS in THE EMAIL HEADER:

  • http://www.redcappi.com/c/38111/MxgRyfrW5uDADAONCsv15qiM89vMbzudmiJWDSKFgW

  • http://www.redcappi.com/newsletter/unsubscribe_mail/unsubscribe/338111/MxgRyfrW5uDADAONCsv15qiM89vMbzudmiJWDSKFgW

  • http://www.redcappi.com/newsletter/clickrate/create/38111/MxgRyfrW5uDADAONCsv15qiM89vMbzudmiJWDSKFgW/1

  • http://www.redcappi.com/newsletter/clickrate/create/38111/MxgRyfrW5uDADAONCsv15qiM89vMbzudmiJWDSKFgW/2

  • http://www.redcappi.com/newsletter/clickrate/create/38111/MxgRyfrW5uDADAONCsv15qiM89vMbzudmiJWDSKFgW/3

  • http://www.redcappi.com/newsletter/powered_by_redcappi/index/38111/MxgRyfrW5uDADAONCsv15qiM89vMbzudmiJWDSKFgW

  • http://www.redcappi.com/webappassets/images-front/thanks-logo.png

  • http://www.redcappi.com/newsletter/unsubscribe_mail/unsubscribe/38111/MxgRyfrW5uDADAONCsv15qiM89vMbzudmiJWDSKFgW

  • http://www.redcappi.com/newsletter/forward_to_friend/index/38111/MxgRyfrW5uDADAONCsv15qiM89vMbzudmiJWDSKFgW

  • http://www.redcappi.com/newsletter/unsubscribe_mail/read/38111/MxgRyfrW5uDADAONCsv15qiM89vMbzudmiJWDSKFgW

ORIGINATING IP(s):
http://14.3.31.13/ (JAPAN)
  • https://www.virustotal.com/de/url/666d6c71daa4949cdf56903f33548099340d2ca4d3ba2cb056a4328820b498c4/analysis/1398618595/
http://50.28.15.48/ (Lansing, MICHIGAN)
  • https://www.virustotal.com/de/url/9608502cf9ac7e4340127003a8b89f7570d61229ce1b67f641f5ff893bba974b/analysis/1398618787/
SPAM MAILSERVER FROM MICHIGAN:

MAILS SENT FROM IP: 144
  • https://www.projecthoneypot.org/ip_50.28.15.48

4/16/2014

PHISHING MAIL from:
www.med-equip.com.tn (IP: 193.95.93.62)
HTML:Script-inf

(THAILAND & TUNISIA)
"!Keep It Simple In The Bed retread"
gaecaoro@totbb.net



PHISHING SPAM & MALWARE:
HTML:Script-inf
ROGUE MEDICATIONS (THAILAND & TUNISIA)

DOMAIN:
http://www.med-equip.com.tn/
  • https://www.virustotal.com/de/url/b9fb02cf988d929e6a2c86e2570c607bf20bce182b931092f2afdb72cc30a153/analysis/1397659999/
HTML
  • https://www.virustotal.com/de/file/c6b1a536e10e685f7eb2e7875e1385070f1381d3c7142d6bf35cdd99f464baea/analysis/1397660454/
E-MAIL LINK:
http://www.med-equip.com.tn/geriforte.html
  • https://www.virustotal.com/de/url/403d17cc13d16d4f05fde4699d1fbb319c5aad5af693f5526c82a0d4558455e8/analysis/1397659995/
HTML:Script-inf
  • https://www.virustotal.com/de/file/af51c501f333a7a1c81a7e64f09850d249a22283e6731df4482a58bd9134838d/analysis/1395389479/
SCREENSHOT PHISHING MAIL
IP:
http://193.95.93.62/
  • https://www.virustotal.com/de/url/4842c7f2236d8e6fb467f709bf7833ffbd3907a913681c44dddb94a0ce54293b/analysis/1397662127/
  • https://www.virustotal.com/de/ip-address/193.95.93.62/information/
LISTED AT SPAMHAUS (SBL):
  • http://www.spamhaus.org/query/bl?ip=193.95.93.62
  • http://www.spamhaus.org/sbl/query/SBL204400
WEB-REP: POOR
EMAIL-REP: POOR
  • http://www.senderbase.org/lookup/?search_string=193.95.93.62
www.med-equip.com.tn/geriforte.html REDIRECTS TO:
http://triptabletspharmacy.ru/
  • https://www.virustotal.com/de/url/9a59b27ab7899a59763aed3092d887621a3a55c684227a7471fd05f2803da02d/analysis/1397661510/
IP triptabletspharmacy.ru:
http://107.182.164.141/
  • https://www.virustotal.com/de/url/ed96c08ef5482160f445fcd3665d2e8991ff0ba2a0f74d73c063227b5a59b89d/analysis/1397662386/
  • https://www.virustotal.com/de/ip-address/107.182.164.141/information/
  • http://www.senderbase.org/lookup/?search_string=107.182.164.141
SEE ALSO:
  • http://zulu.zscaler.com/submission/show/b6bc817a43647a0fa89d3e68a44e696b-1397660255
  • http://zulu.zscaler.com/submission/show/8d1a7645f4d5da4e722e8c11b95b4e9c-1397660264
  • https://urlquery.net/report.php?id=1397660035929
MAIL SENT "FROM":
http://totbb.net/
  • https://www.virustotal.com/de/url/dfc051bf8979828be83f9b5b0ffe9d372302dc7d88bb2aa8ebc289437bcd6a23/analysis/1397660871/
IP totbb.net:
http://203.113.9.20/
  • https://www.virustotal.com/de/url/c62bc82dab5ac1d2100e2fc5fc26972ca6bd86d8b55925645540eadeff8279f7/analysis/1397662629/
  • https://www.virustotal.com/de/ip-address/203.113.9.20/information/
ORIGINATING IP ADDRESS FROM MAIL:
http://111.84.115.252/
  • https://www.virustotal.com/de/url/9b7ee547d226d4fc171a124b383f6528b8308ad493efb984a6d9a0dd7a637440/analysis/
  • https://www.virustotal.com/de/ip-address/111.84.115.252/information/
LISTED AT SPAMHAUS (PBL):
  • http://www.spamhaus.org/query/bl?ip=111.84.115.252
EMAILREP: POOR
  • http://www.senderbase.org/senderbase_queries/detailip?search_string=111.84.115.252

4/05/2014

ZDF ++URGENT++ATTENTION++SHOCKING NEWS++:
German PHISHING MAIL from:
www.redcappi.com
arbeit-von-zuhause-aus.com
goo.gl/p3rL07

(United States)

++URGENT++ATTENTION++SHOCKING NEWS++

ZDF reported on TV TODAY!: Germany is shocked by this money machine!
Forget everything, really EVERYTHING, you have seen in your life so far!
You have NEVER seen anything like this! 100% GUARANTEED

This will surely change your life completely!

Only available 429 more times!

Watch the video!

Click here: >»TO THE VIDEO«<

Screenshot Mail
SPAM - SCAM - PHISHING MAIL:
http://arbeit-von-zuhause-aus.com/
  • https://www.virustotal.com/de/url/e7a5745161f044e06b3f75c5ec2b10cd724b9214dfd0d2b714ea9dee2eaf9d61/analysis/1396714323/
  • https://www.virustotal.com/de/file/06e076babd1bc5d7cd32d34f28fa54c4bdd37db5b50eb8328e0469ab29659bf3/analysis/1396714606/
OTHER LINK FOUND IN HTMLSRC:
http://www.mega-ways.com/index.php?d=forum&s=24
  • https://www.virustotal.com/de/url/e33e88bc05bacb38a97d9c73f111a852651edb02f5fcc9c5e99c1f10fc566ecd/analysis/1396718339/
TO MENTION HERE IS:
http://www.mega-ways.com/javascript/alphanumeric.js
  • https://www.virustotal.com/de/url/50d7f3901c7599a6af623faf05cf912b2e8ab05b4566ccd8ed69b6719c7308d0/analysis/1396716791/
Virus.exp.js.1
  • https://www.virustotal.com/de/file/bae1f370c9a4ae19a9bd6d68d98629c115f1f764a844691bfd406211ca321575/analysis/
Your income will EXPLODE - LOOOL

THROUGH:
http://www.redcappi.com/
  • https://www.virustotal.com/de/url/67dc853cd6c065dae93edf295021f261c0c3a2b181cdd28f6780119554a3cfca/analysis/
  • https://www.virustotal.com/de/file/c2bcdd9e4362bcb2341d8c18525b49f23bf5b5fc530ef43b4f13846bdb94a875/analysis/1396717343/
SPECIFIC MALICIOUS URL IN PHISH-MAIL:
http://www.redcappi.com/newsletter/clickrate/create/35671/MzY3NjczNjItZ2FyeWR1bnNtb3JlQGdtYWlsLmNvbQ/1
  • https://www.virustotal.com/de/url/39917f03a8488217564a62a540548c328a95b6aff48249951027f2b50aafd9d9/analysis/
---> REDIRECTS TO: (PHISHING INTENDED)
http://goo.gl/p3rL07
  • https://www.virustotal.com/de/url/5cab9105b00691593c6decf0b4702ba2798cbcfcd46331bed86f089e5913f759/analysis/
http://goo.gl/p3rL07 – this URL has been disabled. Note that goo.gl short URLs may be disabled for spam, security or legal reasons.


FULL REPORT:

