This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Conspiracy for the practice of organized crime with phishing
Marilson
marilson.mapa at gmail.com
Sat Oct 3 23:32:43 CEST 2015
An impressive tangle of hostnames, owners and ISPs to practice crimes - sending phishing to steal bank account passwords and credit cards. In fact we are talking of conspiracy to include crimes. The purpose of this confusion of hostnames, owners and ISPs is to hide those responsible or at least dilute responsibilities. One thing is certain: there are no useful innocents in this story. All are practicing crime. Everybody knows they are conspiring and committing crime.

Spam sender IP address 192.185.176.127: br94.hostgator.com.br (hostname) - Websitewelcome.com (ISP)
Spam URL IP 62.75.209.235: euve82972.serverprofi24.com (hostname) - Plusserver AG (ISP)
br94.hostgator.com.br ==> jessica.ns.cloudflare.com ==> domain conversaafiada.com.br ==> owner Paulo Henrique dos Santos Amorim
Resolve Host: 174.37.202.36-static.reverse.softlayer.com – Softlayer Indonésia.

It is a phishing message, supposedly sent by Bradesco Bank, to steal data and passwords of bank accounts and credit cards.

FROM SPAMCOP

Routing details for 192.185.176.127
Cached whois for 192.185.176.127 : ipadmin at websitewelcome.com
Using abuse net on ipadmin at websitewelcome.com
abuse net websitewelcome.com = abuse at websitewelcome.com, abuse at softlayer.com
Using best contacts abuse at websitewelcome.com abuse at softlayer.com

Resolving link obfuscation
http:// 62.75.209.235/ servidor_privado/ k.php
Tracking link: http:// 62.75.209.235/ servidor_privado/ k.php

Routing details for 62.75.209.235
Cached whois for 62.75.209.235 : abuse at plusserver.de abuse at ip-pool.com
Using abuse net on abuse at plusserver.de
abuse net plusserver.de = auftrag at nic.telekom.de, abuse at plusserver.de, abuse at he.net, abuse at server4you.de, abuse at eu.level3.net
Using abuse net on abuse at ip-pool.com
abuse net ip-pool.com = abuse at plusserver.de, abuse at ip-pool.com
Using best contacts abuse at plusserver.de auftrag at nic.telekom.de abuse at he.net abuse at server4you.de abuse at eu.level3.net abuse at ip-pool.com
Reports disabled for abuse at server4you.de

The spammers and the criminals are filling the coffers of ISPs and Registrars while trying to rob us. Certainly they can irritate us every day.

Marilson

HEADER

Delivered-To: marilson.mapa at gmail.com
Received: by 10.103.43.68 with SMTP id r65csp1519399vsr;
        Mon, 28 Sep 2015 13:02:42 -0700 (PDT)
X-Received: by 10.182.109.170 with SMTP id ht10mr11697889obb.62.1443470562509;
        Mon, 28 Sep 2015 13:02:42 -0700 (PDT)
Return-Path: <fabri062 at br94.hostgator.com.br>
Received: from br94.hostgator.com.br (br94.hostgator.com.br. [192.185.176.127])
        by mx.google.com with ESMTPS id ht3si9152167obb.9.2015.09.28.13.02.42
        for <marilson.mapa at gmail.com>
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 28 Sep 2015 13:02:42 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
        fabri062 at br94.hostgator.com.br designates 192.185.176.127 as
        permitted sender) client-ip=192.185.176.127;
Authentication-Results: mx.google.com;
        spf=pass (google.com: best guess record for domain of
        fabri062 at br94.hostgator.com.br designates 192.185.176.127 as
        permitted sender) smtp.mailfrom=fabri062 at br94.hostgator.com.br;
        dmarc=fail (p=NONE dis=NONE) header.from=gmail.com
Received: from fabri062 by br94.hostgator.com.br with local (Exim 4.85)
        (envelope-from <fabri062 at br94.hostgator.com.br>)
        id 1ZgedF-0007CU-UL
        for marilson.mapa at gmail.com; Mon, 28 Sep 2015 17:02:42 -0300
To: marilson.mapa at gmail.com
Subject: Comunicado importante. (96649)
X-PHP-Script: caravelasmodapraia.com/Br.php for 177.138.30.17
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
X-Mailer: Microsoft Office Outlook, Build 17.551210
Content-Transfer-encoding: 8bit
From: marilson.mapa at gmail.com
Reply-To: marilson.mapa at gmail.com
X-Mailer: iGMail [www.ig.com.br]
X-Originating-Email: marilson.mapa at gmail.com
X-Sender: marilson.mapa at gmail.com
X-iGspam-global: Unsure, spamicity=0.570081 - pe=5.74e-01 - pf=0.574081 - pg=0.574081
Message-Id: <E1ZgedF-0007CU-UL at br94.hostgator.com.br>
Date: Mon, 28 Sep 2015 17:02:41 -0300
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - br94.hostgator.com.br
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [1091 32007] / [47 12]
X-AntiAbuse: Sender Address Domain - br94.hostgator.com.br
X-BWhitelist: no
X-Source-IP:
X-Exim-ID: 1ZgedF-0007CU-UL
X-Source: /opt/php53/bin/php-cgi
X-Source-Args: /opt/php53/bin/php-cgi /home/fabri062/public_html/caravelasmodapraia.com/Br.php
X-Source-Dir: fabricadebiquinis.com.br:/public_html/caravelasmodapraia.com
X-Source-Sender:
X-Source-Auth: fabri062
X-Email-Count: 5
X-Source-Cap: ZmFicmkwNjI7ZmFicmkwNjI

TEXT – hyperlink removed – URL: http:// 62.75.209.235/ servidor_privado/ k.php

From: marilson.mapa at gmail.com
Sent: Monday, September 28, 2015 5:02 PM
To: marilson.mapa at gmail.com
Subject: Comunicado importante. (96649)

Dear Customer,

The reason we are contacting you is to inform you that your Bradesco security key card has expired; we ask that you access our portal and activate it.

If the reactivation of your account is not carried out, a fee of R$ 85,70 will be charged for sending a new security card.

To activate the key card click here

Important notice.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/anti-abuse-wg/attachments/20151003/e2116722/attachment.html>
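
A triage sketch for the header quoted in the message above, added here as an example; it is not part of the original post and not SpamCop's own tooling. It pulls out the fields an abuse desk needs from a shared-hosting PHP mailer: the receiving MX's view of the sending host, the SPF/DMARC verdicts, the forged From: domain, and the script and account named in `X-PHP-Script` and `X-Source-Auth`. The function names, the abridged `SAMPLE` and the reading of the address after "for" in `X-PHP-Script` as the requesting client are assumptions.

```python
import re
from email import message_from_string

# Abridged from the header quoted in the message above. The archive's
# " at " address obfuscation is kept here and undone by normalise().
SAMPLE = """\
Return-Path: <fabri062 at br94.hostgator.com.br>
Received: from br94.hostgator.com.br (br94.hostgator.com.br. [192.185.176.127])
 by mx.google.com with ESMTPS id ht3si9152167obb.9.2015.09.28.13.02.42
 for <marilson.mapa at gmail.com>; Mon, 28 Sep 2015 13:02:42 -0700 (PDT)
Authentication-Results: mx.google.com; spf=pass
 smtp.mailfrom=fabri062 at br94.hostgator.com.br;
 dmarc=fail (p=NONE dis=NONE) header.from=gmail.com
From: marilson.mapa at gmail.com
X-PHP-Script: caravelasmodapraia.com/Br.php for 177.138.30.17
X-Source-Auth: fabri062

(body omitted)
"""

def normalise(raw):
    # Turn the archive's "user at host.tld" back into "user@host.tld".
    return re.sub(r"(?<=\w) at (?=[\w-]+\.)", "@", raw)

def triage(raw):
    msg = message_from_string(normalise(raw))
    # The topmost Received line was written by the recipient's own MX, so
    # its bracketed IP is the hop the sender could not forge.
    received = " ".join((msg.get_all("Received") or [""])[0].split())
    hop = re.search(r"from (\S+) .*?\[([0-9a-fA-F.:]+)\]", received)
    auth = " ".join(msg.get("Authentication-Results", "").split())
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    envelope = re.search(r"smtp\.mailfrom=\S+@([\w.-]+)", auth)
    envelope_dom = envelope.group(1) if envelope else None
    from_dom = msg.get("From", "").rpartition("@")[2].strip("<> ")
    # Assumed format: "<vhost>/<script> for <address of requesting client>".
    script = re.match(r"(\S+) for (\S+)", msg.get("X-PHP-Script", ""))
    return {
        "sending_host": hop.group(1) if hop else None,
        "sending_ip": hop.group(2) if hop else None,
        "spf": verdicts.get("spf"),
        "dmarc": verdicts.get("dmarc"),
        "envelope_domain": envelope_dom,
        "from_domain": from_dom,
        "from_spoofed": verdicts.get("dmarc") == "fail" and from_dom != envelope_dom,
        "php_script": script.group(1) if script else None,
        "script_client_ip": script.group(2) if script else None,
        "hosting_account": msg.get("X-Source-Auth"),
    }
```

Calling `triage(SAMPLE)` returns a dictionary; for this header `spf` is `pass` for the hosting server's own domain while `from_spoofed` is true, which is the pattern of a web script on a hosting account sending mail with a forged From: address.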