20150831

Waiting for tingist.com, ratcasino.net, oxxtube.com ...

Wie schon in den letzten Sex-Spams von BGO vom Samstag wird man auch in den heutigen über die Links zwar nach Brasilien geschickt, von dort geht dann allerdings nichts weiter ...

-------------------------------------
EDIT (01.09.2015): Nachdem der Link der heutigen Spam funktioniert hat, habe ich die "View profiles"-Links dieses Posts nochmal getestet. Hier die Ergebnisse für die URLs in diesem Post:




Die Spam, die zur Domain "oxxtube.com" führt, hat, wie auch schon einige vorher, keinen "View profiles"-Link, sondern man muss jedes Profil einzeln testen. Hierbei stellte ich ein gewisses Schema in der Malware-Verteilung fest: die URLs unterscheiden sich durch eine Zahl am Ende, in diesem Fall "..I=0." bis "..I=3." (es sind ja immer vier Profile in einer Reihe, bei den Spams mit acht Profilen gibt es z. B. die vier URLs mit "I=8." bis "I=11.", die pro Reihe wiederholt werden). In dieser hier führt "0" zu "frtya.com", "1"+"2" zu "ertya.com" und "3" über die Malware-Domain "seethisinaction.com" zu "frtya.com":





-------------------------------------


Return-Path: web.de.2366010.MeinName@vmt7.tingist.com
Received: from vmt7.tingist.com ([177.223.155.57]) by mx-ha.web.de (mxweb109) with ESMTP (Nemesis) id 0M1lSw-1YiRKT44eg-00toea for [MeinName@web.de]; Mon, 31 Aug 2015 16:50:52 +0200
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=tingist.com; s=s512; l=3374; x=1441637446; h=From:To:Subject:Content-Type: Date:Message-ID:List-Unsubscribe; b=niviDbfSXiXWY3s9naTt+OjI9XtD v24KgXtnZbuN+TojYn11JOnuJg7VQKNEoh+mbJxBGvec+jBQcq6ZrUXzrw==
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=tingist.com; s=s512; l=3374; x=1441637446; h=From:To:Subject: Content-Type:Date:Message-ID:List-Unsubscribe; bh=FWJvluSLFak6Ei VY3x/bLL0HRpQ=; b=GpmilSE0bPj/7CV5oXatgVCohOoCtvIgxynvg/J9GPlcXe o0+IKyVGPmv8wr4PzuJzVuD43pHtj9Vwu5L37JTw==
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s512; d=tingist.com; b=aIWsWox4nnd9CYSgLIsi226e3nu4uDgSG6cbRm1CZablqRe9RlOmz++/oxsdY4bRQ7Guw6QHbe6Fah3q+VA15A==;
Received: from tingist.com [177.223.155.57] by tingist.com [177.223.155.57]; Mon, 31 Aug 2015 16:01:00 +0100
MIME-Version: 1.0
From: MzRoberts85[MzRoberts859@tingist.com]
To: MeinName@web.de
Subject: MzRoberts85 sent you private message.Check she's profile and friends
Content-Type: multipart/alternative; boundary="-=d3346680fc8125d201e5d19da1c757f9";
Date: Mon, 31 Aug 2015 16:01:00 +0100
X-Mailer: Universal
Message-ID: [1-2366010-lRmLiV2dA5mbh1mclhWbph2Yh9maP@tingist.com]
List-Unsubscribe: http://tingist.com/1/acc2.pl?e=MeinName@web.de&m=2366010
Precedence: bulk
X-Admin: postmaster@tingist.com
Abuse-Reports-To: abuse@tingist.com
X-Complaints-To: abuse@tingist.com
X-Report-Abuse-To: abuse@tingist.com
Envelope-To: [MeinName@web.de]




[http://tingist.com/ardyh?e=lRmLiV2dA5mbh1mclhWbph2Yh9maP&m=2366010&l=1.]

------------------------------------

Return-Path: web.de.2354010.MeinName@vmt17.ratcasino.net
Received: from vmt17.ratcasino.net ([177.223.153.67]) by mx-ha.web.de (mxweb003) with ESMTP (Nemesis) id 0MMkwh-1ZdAfx164N-008YIH for [MeinName@web.de]; Mon, 31 Aug 2015 07:59:18 +0200
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=ratcasino.net; s=s512; l=7246; x=1441605552; h=From:To:Subject:Content-Type: Date:Message-ID:List-Unsubscribe; b=jLaPkUDd1bucitDSkI5yTpAjJFqp iiAHX2j62xUw7ldxXOyo+m6etL1oLDx5Dh5oewZICgL8GvvFHAY9QOFlqg==
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=ratcasino.net; s=s512; l=7246; x=1441605552; h=From:To:Subject: Content-Type:Date:Message-ID:List-Unsubscribe; bh=dHn009nKtUQdZ0 o7v9Oja+tF/1M=; b=SxQXTJdTb9V14siRFsjKZcUrAZ3mP7r+0g9nsSDuEtfJOO QnMb0MWvktREN4A2fArAaQwsArxTTLSAJvIgL3Yg==
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s512; d=ratcasino.net; b=WQKL/B19VTSwTdLeHkebmYuYZpSRivN/hhQwPSKL/MPJpbx0MTDbGxdvpZR6XDefI2hHdEE6BDYK52KgY965nA==;
Received: from ratcasino.net [177.223.153.67] by ratcasino.net [177.223.153.67]; Sun, 30 Aug 2015 21:34:41 +0100
MIME-Version: 1.0
From: 6 girls[6hotgirls@ratcasino.net]
To: MeinName@web.de
Subject: 6 hot girls want meet with you.They are HOT:)
Content-Type: multipart/alternative; boundary="-=1fd56fc7ee7cacae4d4a18b08b11caaf";
Date: Sun, 30 Aug 2015 21:34:41 +0100
X-Mailer: Universal
Message-ID: [1-2354010-lRmLiV2dA5mbh1mclhWbph2Yh9maP@ratcasino.net]
List-Unsubscribe: http://ratcasino.net/1/acc2.pl?e=MeinName@web.de&m=2354010
Precedence: bulk
X-Admin: postmaster@ratcasino.net
Abuse-Reports-To: abuse@ratcasino.net
X-Complaints-To: abuse@ratcasino.net
X-Report-Abuse-To: abuse@ratcasino.net
Envelope-To: [MeinName@web.de]




[http://ratcasino.net/ardyh?e=lRmLiV2dA5mbh1mclhWbph2Yh9maP&m=2354010&l=1.]

------------------------------------

Return-Path: web.de.2352010.MeinName@vmt18.oxxtube.com
Received: from vmt18.oxxtube.com ([177.223.155.218]) by mx-ha.web.de (mxweb007) with ESMTP (Nemesis) id 0Lpc3C-1Z1qPN2Q10-00fRgR for [MeinName@web.de]; Mon, 31 Aug 2015 02:53:05 +0200
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=oxxtube.com; s=s512; l=10274; x=1441587173; h=From:To:Subject:Content-Type: Date:Message-ID:List-Unsubscribe; b=ow6luzRXb9BV2A6hlcQrb8tRQtWU z9SArrr+xZ9axac0mfs+8GKRfHA1/p4A1VDdnpkJCK4pnief2Aw3GADJiA==
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=oxxtube.com; s=s512; l=10274; x=1441587173; h=From:To:Subject: Content-Type:Date:Message-ID:List-Unsubscribe; bh=9A4OfP2UleZ7QG Sm+PDXhQUzvpk=; b=FsK723G30ikLS0H4FrwdyoP931IJcFoJV1KNO8fMMrh5R8 2ip3mGAGHLF8OwyA+e7W9CpDMiG7/7BxsmWcWwUw==
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s512; d=oxxtube.com; b=XlMcpS0O17uVJPoj3JQKAprCwaODsZIC0sB9g1i3Qjnbfzl3/p63kSoSCEf71oeDP+8W3un09mhqPyuvCc4XPw==;
Received: from oxxtube.com [177.223.155.218] by oxxtube.com [177.223.155.218]; Sun, 30 Aug 2015 11:02:26 +0100
MIME-Version: 1.0
From: Jennifer and friends[jennifera15@oxxtube.com]
To: MeinName@web.de
Subject: MeinName Someones wife has a sex-invite for you
Content-Type: multipart/alternative; boundary="-=e8822d0052dd3718d0055bfdad754cd9";
Date: Sun, 30 Aug 2015 11:02:26 +0100
X-Mailer: Universal
Message-ID: [1-2352010-lRmLiV2dA5mbh1mclhWbph2Yh9maP@oxxtube.com]
List-Unsubscribe: http://oxxtube.com/1/acc2.pl?e=MeinName@web.de&m=2352010
Precedence: bulk
X-Admin: postmaster@oxxtube.com
Abuse-Reports-To: abuse@oxxtube.com
X-Complaints-To: abuse@oxxtube.com
X-Report-Abuse-To: abuse@oxxtube.com
Envelope-To: [MeinName@web.de]




[http://oxxtube.com/ardyh?e=lRmLiV2dA5mbh1mclhWbph2Yh9maP&m=2352010&l=0.] (- 3.)



Keine Kommentare:

Kommentar veröffentlichen

Hinweis: Nur ein Mitglied dieses Blogs kann Kommentare posten.