Conspiracy for the practice of organized crime with phishing
An impressive tangle of hostnames, owners and ISPs used to practice crimes: the sending of phishing to steal bank account passwords and credit cards. In fact, we are talking about a conspiracy that includes crimes. The purpose of this confusion of hostnames, owners and ISPs is to hide those responsible, or at least dilute responsibility. One thing is certain: there are no useful innocents in this story. All are practicing crime. Everybody knows that they are conspiring and committing crime.

Spam sender IP address 192.185.176.127: br94.hostgator.com.br (hostname) - Websitewelcome.com (ISP)
Spam URL IP 62.75.209.235: euve82972.serverprofi24.com (hostname) - Plusserver AG (ISP)
br94.hostgator.com.br ==> jessica.ns.cloudflare.com ==> domain conversaafiada.com.br ==> owner Paulo Henrique dos Santos Amorim
Resolve Host: 174.37.202.36-static.reverse.softlayer.com – Softlayer Indonesia.

It is a phishing message, supposedly sent by Bradesco Bank, to steal the data and passwords of bank accounts and credit cards.

FROM SPAMCOP

Routing details for 192.185.176.127
Cached whois for 192.185.176.127 : ipadmin@websitewelcome.com
Using abuse net on ipadmin@websitewelcome.com
abuse net websitewelcome.com = abuse@websitewelcome.com, abuse@softlayer.com
Using best contacts abuse@websitewelcome.com abuse@softlayer.com

Resolving link obfuscation
http:// 62.75.209.235/ servidor_privado/ k.php
Tracking link: http:// 62.75.209.235/ servidor_privado/ k.php
Routing details for 62.75.209.235
Cached whois for 62.75.209.235 : abuse@plusserver.de abuse@ip-pool.com
Using abuse net on abuse@plusserver.de
abuse net plusserver.de = auftrag@nic.telekom.de, abuse@plusserver.de, abuse@he.net, abuse@server4you.de, abuse@eu.level3.net
Using abuse net on abuse@ip-pool.com
abuse net ip-pool.com = abuse@plusserver.de, abuse@ip-pool.com
Using best contacts abuse@plusserver.de auftrag@nic.telekom.de abuse@he.net abuse@server4you.de abuse@eu.level3.net abuse@ip-pool.com
Reports disabled for abuse@server4you.de

The spammers and the criminals are filling the coffers of ISPs and Registrars while trying to rob us. Certainly they can irritate us every day.

Marilson

HEADER

Delivered-To: marilson.mapa@gmail.com
Received: by 10.103.43.68 with SMTP id r65csp1519399vsr;
        Mon, 28 Sep 2015 13:02:42 -0700 (PDT)
X-Received: by 10.182.109.170 with SMTP id ht10mr11697889obb.62.1443470562509;
        Mon, 28 Sep 2015 13:02:42 -0700 (PDT)
Return-Path: <fabri062@br94.hostgator.com.br>
Received: from br94.hostgator.com.br (br94.hostgator.com.br. [192.185.176.127])
        by mx.google.com with ESMTPS id ht3si9152167obb.9.2015.09.28.13.02.42
        for <marilson.mapa@gmail.com>
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 28 Sep 2015 13:02:42 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of fabri062@br94.hostgator.com.br designates 192.185.176.127 as permitted sender) client-ip=192.185.176.127;
Authentication-Results: mx.google.com;
        spf=pass (google.com: best guess record for domain of fabri062@br94.hostgator.com.br designates 192.185.176.127 as permitted sender) smtp.mailfrom=fabri062@br94.hostgator.com.br;
        dmarc=fail (p=NONE dis=NONE) header.from=gmail.com
Received: from fabri062 by br94.hostgator.com.br with local (Exim 4.85)
        (envelope-from <fabri062@br94.hostgator.com.br>)
        id 1ZgedF-0007CU-UL
        for marilson.mapa@gmail.com; Mon, 28 Sep 2015 17:02:42 -0300
To: marilson.mapa@gmail.com
Subject: Comunicado importante. (96649)
X-PHP-Script: caravelasmodapraia.com/Br.php for 177.138.30.17
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
X-Mailer: Microsoft Office Outlook, Build 17.551210
Content-Transfer-encoding: 8bit
From: marilson.mapa@gmail.com
Reply-To: marilson.mapa@gmail.com
X-Mailer: iGMail [www.ig.com.br]
X-Originating-Email: marilson.mapa@gmail.com
X-Sender: marilson.mapa@gmail.com
X-iGspam-global: Unsure, spamicity=0.570081 - pe=5.74e-01 - pf=0.574081 - pg=0.574081
Message-Id: <E1ZgedF-0007CU-UL@br94.hostgator.com.br>
Date: Mon, 28 Sep 2015 17:02:41 -0300
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - br94.hostgator.com.br
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [1091 32007] / [47 12]
X-AntiAbuse: Sender Address Domain - br94.hostgator.com.br
X-BWhitelist: no
X-Source-IP:
X-Exim-ID: 1ZgedF-0007CU-UL
X-Source: /opt/php53/bin/php-cgi
X-Source-Args: /opt/php53/bin/php-cgi /home/fabri062/public_html/caravelasmodapraia.com/Br.php
X-Source-Dir: fabricadebiquinis.com.br:/public_html/caravelasmodapraia.com
X-Source-Sender:
X-Source-Auth: fabri062
X-Email-Count: 5
X-Source-Cap: ZmFicmkwNjI7ZmFicmkwNjI

TEXT – hyperlink removed – URL: http:// 62.75.209.235/ servidor_privado/ k.php

From: marilson.mapa@gmail.com
Sent: Monday, September 28, 2015 5:02 PM
To: marilson.mapa@gmail.com
Subject: Comunicado importante. (96649)

Dear Customer,

The reason we are contacting you is to inform you that your Bradesco security key card has expired; we ask that you access our portal and activate it.

If the reactivation of your account is not carried out, a fee of R$ 85,70 will be charged for the sending of a new security card.

To activate the key card click here

Important notice.
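Added example (not part of the original post): a Python triage of the header quoted above, showing that spf=pass vouches only for the envelope domain of the shared host, not for the From address, and which headers name the script and hosting account that generated the message. The function name and flag names are made up for this example; the header values are abridged from the post.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Abridged from the header quoted in the post (not a new capture).
RAW = """\
Return-Path: <fabri062@br94.hostgator.com.br>
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of fabri062@br94.hostgator.com.br designates 192.185.176.127 as permitted sender) smtp.mailfrom=fabri062@br94.hostgator.com.br;
       dmarc=fail (p=NONE dis=NONE) header.from=gmail.com
To: marilson.mapa@gmail.com
Subject: Comunicado importante. (96649)
X-PHP-Script: caravelasmodapraia.com/Br.php for 177.138.30.17
From: marilson.mapa@gmail.com
X-Source-Auth: fabri062

body
"""

def domain(value):
    """Lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    msg = message_from_string(raw)
    auth = " ".join(msg.get_all("Authentication-Results", []))
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    env, hdr = domain(msg.get("Return-Path")), domain(msg.get("From"))
    # Simplified alignment test: exact or subdomain match only. Real DMARC
    # relaxed alignment compares organizational domains.
    aligned = bool(env) and (env == hdr or env.endswith("." + hdr))
    script = re.match(r"(\S+) for (\S+)", msg.get("X-PHP-Script", ""))
    flags = []
    if verdicts.get("spf") == "pass" and not aligned:
        flags.append("spf_pass_but_from_not_aligned")
    if verdicts.get("dmarc") == "fail":
        flags.append("dmarc_fail")
    if parseaddr(msg.get("From", ""))[1] == parseaddr(msg.get("To", ""))[1]:
        flags.append("from_equals_recipient")
    if script:
        flags.append("sent_by_web_script")
    return {"envelope_domain": env, "from_domain": hdr,
            "spf": verdicts.get("spf"), "dmarc": verdicts.get("dmarc"),
            "php_script": script.group(1) if script else None,
            "script_client": script.group(2) if script else None,
            "hosting_account": msg.get("X-Source-Auth"), "flags": flags}

if __name__ == "__main__":
    for key, value in triage(RAW).items():
        print(f"{key}: {value}")
```

The script path, client address and hosting account it extracts are the details the X-AntiAbuse header asks reporters to include in an abuse report.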