An impressive tangle of hostnames, owners and ISPs used to commit crimes: sending phishing to steal bank account passwords and credit card data. In fact, we are talking about a conspiracy to commit crimes. The purpose of this confusion of hostnames, owners and ISPs is to hide those responsible, or at least to dilute responsibility. One thing is certain: there are no useful innocents in this story. All are practicing crime. Everybody knows they are conspiring and committing crime.
 
Spam sender IP address 192.185.176.127: br94.hostgator.com.br (hostname) - Websitewelcome.com (ISP)
Spam URL IP 62.75.209.235: euve82972.serverprofi24.com (hostname) - Plusserver AG (ISP)
br94.hostgator.com.br ==> jessica.ns.cloudflare.com ==> domain conversaafiada.com.br ==> owner Paulo Henrique dos Santos Amorim
Resolve Host: 174.37.202.36-static.reverse.softlayer.com – Softlayer Indonesia.
 
It is a phishing message, supposedly sent by Bradesco Bank, to steal bank account and credit card data and passwords.
 
FROM SPAMCOP

Resolving link obfuscation

http:// 62.75.209.235/ servidor_privado/ k.php

Tracking link: http:// 62.75.209.235/ servidor_privado/ k.php

 

Routing details for 62.75.209.235
Cached whois for 62.75.209.235 : abuse@plusserver.de abuse@ip-pool.com
Using abuse net on abuse@plusserver.de
abuse net plusserver.de = auftrag@nic.telekom.de, abuse@plusserver.de, abuse@he.net, abuse@server4you.de, abuse@eu.level3.net
Using abuse net on abuse@ip-pool.com
abuse net ip-pool.com = abuse@plusserver.de, abuse@ip-pool.com
Using best contacts abuse@plusserver.de auftrag@nic.telekom.de abuse@he.net abuse@server4you.de abuse@eu.level3.net abuse@ip-pool.com
Reports disabled for abuse@server4you.de
 
The spammers and the criminals are filling the coffers of ISPs and registrars while trying to rob us. Certainly they can irritate us every day.
 
Marilson
 
HEADER
Delivered-To: marilson.mapa@gmail.com
Received: by 10.103.43.68 with SMTP id r65csp1519399vsr;
        Mon, 28 Sep 2015 13:02:42 -0700 (PDT)
X-Received: by 10.182.109.170 with SMTP id ht10mr11697889obb.62.1443470562509;
        Mon, 28 Sep 2015 13:02:42 -0700 (PDT)
Return-Path: <fabri062@br94.hostgator.com.br>
Received: from br94.hostgator.com.br (br94.hostgator.com.br. [192.185.176.127])
        by mx.google.com with ESMTPS id ht3si9152167obb.9.2015.09.28.13.02.42
        for <marilson.mapa@gmail.com>
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 28 Sep 2015 13:02:42 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of fabri062@br94.hostgator.com.br designates 192.185.176.127 as permitted sender) client-ip=192.185.176.127;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of fabri062@br94.hostgator.com.br designates 192.185.176.127 as permitted sender) smtp.mailfrom=fabri062@br94.hostgator.com.br;
       dmarc=fail (p=NONE dis=NONE) header.from=gmail.com
Received: from fabri062 by br94.hostgator.com.br with local (Exim 4.85)
    (envelope-from <fabri062@br94.hostgator.com.br>)
    id 1ZgedF-0007CU-UL
    for marilson.mapa@gmail.com; Mon, 28 Sep 2015 17:02:42 -0300
To: marilson.mapa@gmail.com
Subject: Comunicado importante. (96649)
X-PHP-Script: caravelasmodapraia.com/Br.php for 177.138.30.17
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
X-Mailer: Microsoft Office Outlook, Build 17.551210
Content-Transfer-encoding: 8bit
From: marilson.mapa@gmail.com
Reply-To: marilson.mapa@gmail.com
X-Mailer: iGMail [www.ig.com.br]
X-Originating-Email: marilson.mapa@gmail.com
X-Sender: marilson.mapa@gmail.com
X-iGspam-global: Unsure, spamicity=0.570081 - pe=5.74e-01 - pf=0.574081 - pg=0.574081
Message-Id: <E1ZgedF-0007CU-UL@br94.hostgator.com.br>
Date: Mon, 28 Sep 2015 17:02:41 -0300
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - br94.hostgator.com.br
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [1091 32007] / [47 12]
X-AntiAbuse: Sender Address Domain - br94.hostgator.com.br
X-BWhitelist: no
X-Source-IP:
X-Exim-ID: 1ZgedF-0007CU-UL
X-Source: /opt/php53/bin/php-cgi
X-Source-Args: /opt/php53/bin/php-cgi /home/fabri062/public_html/caravelasmodapraia.com/Br.php
X-Source-Dir: fabricadebiquinis.com.br:/public_html/caravelasmodapraia.com
X-Source-Sender:
X-Source-Auth: fabri062
X-Email-Count: 5
X-Source-Cap: ZmFicmkwNjI7ZmFicmkwNjI
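
The fields in this header that identify the sending host, the forged sender and the PHP script can be pulled out mechanically. The Python below is an added example, not part of the original post or of SpamCop's output; the function name triage and the abridged header copy are constructed for illustration, and reading X-PHP-Script as "script for client IP" is an assumption about this hoster's header format.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Abridged copy of the headers quoted above, embedded so this runs offline.
RAW = """\
Return-Path: <fabri062@br94.hostgator.com.br>
Received: from br94.hostgator.com.br (br94.hostgator.com.br. [192.185.176.127])
        by mx.google.com with ESMTPS id ht3si9152167obb.9.2015.09.28.13.02.42
        for <marilson.mapa@gmail.com>
Authentication-Results: mx.google.com;
       spf=pass smtp.mailfrom=fabri062@br94.hostgator.com.br;
       dmarc=fail (p=NONE dis=NONE) header.from=gmail.com
To: marilson.mapa@gmail.com
X-PHP-Script: caravelasmodapraia.com/Br.php for 177.138.30.17
From: marilson.mapa@gmail.com
"""

def _addr(msg, name):
    # Lower-cased bare address from an address header ('' if absent).
    return parseaddr(msg.get(name, ""))[1].lower()

def triage(raw):
    msg = message_from_string(raw)
    out = {}
    # Received lines are prepended, so the first bracketed IP from the top is
    # the peer that connected to the recipient's MX; lower hops can be forged.
    ips = re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]",
                     "\n".join(msg.get_all("Received", [])))
    out["relay_ip"] = ips[0] if ips else None
    frm, to = _addr(msg, "From"), _addr(msg, "To")
    env_dom = _addr(msg, "Return-Path").rpartition("@")[2]
    from_dom = frm.rpartition("@")[2]
    out["envelope_domain"], out["from_domain"] = env_dom, from_dom
    mismatch = not (env_dom == from_dom or env_dom.endswith("." + from_dom))
    # From equal to To: the recipient's own address is used as visible sender.
    out["self_addressed"] = bool(frm) and frm == to
    for mech in ("spf", "dmarc"):
        m = re.search(r"\b%s=(\w+)" % mech, msg.get("Authentication-Results", ""))
        out[mech] = m.group(1) if m else None
    # SPF only vouches for the envelope domain; a visible From in another
    # domain that also fails DMARC means the From line is forged.
    out["spoofed_from"] = mismatch and out["dmarc"] != "pass"
    # Assumption: "<script> for <ip>" is the script that sent the mail and the
    # client address that requested it.
    m = re.match(r"(\S+) for (\S+)", msg.get("X-PHP-Script", ""))
    out["php_script"], out["php_client_ip"] = m.groups() if m else (None, None)
    return out

if __name__ == "__main__":
    print(triage(RAW))
```

The spf=pass result here covers only br94.hostgator.com.br, the envelope domain, which is why it coexists with dmarc=fail for the gmail.com address shown in From.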
 
TEXT – hyperlink removed – URL: http:// 62.75.209.235/ servidor_privado/ k.php
 
Sent: Monday, September 28, 2015 5:02 PM
Subject: Comunicado importante. (96649)
 

Important notice.

Dear Customer,

We are contacting you to inform you that your Bradesco security key card has expired; we ask that you access our portal and activate it.

If your account is not reactivated, a fee of R$ 85,70 will be charged for sending a new security card.

To activate the key card, click here