20150822

Alle Register gezogen

Die heutige Abendspam von BGO Entertainment Limited weist nicht den sonst üblichen "View Profiles"-Button auf, dessen Link ich immer von "urlquery.net" nachverfolgen lasse. Deswegen habe ich mich mit den einzelnen Profillinks befasst.

Es existieren vier unterschiedliche Links, d.h. die Profile 5-8 haben dieselben Links, wie die Profile 1-4. Diese vier Links unterscheiden sich lediglich bei den Ziffern am Ende des Links. Man findet hier die Ziffern 8-11 (s.u.).

Der Link "...I=8." führt über die brasilianische Domain "knoxvillelocals.com" zu "frtya.com",



die Links "...I=9." und "...I=10." führen zu "ertya.com",



der Link "...I=11." führen als dritte bereits bekannte Variante der Malwareverteilung über "seethisinaction.com" zu "frtya.com" ...




Return-Path: web.de.74010.MeinName@vmt27.knoxvillelocals.com
Received: from vmt27.knoxvillelocals.com ([177.223.154.77]) by mx-ha.web.de (mxweb101) with ESMTP (Nemesis) id 0Llkuy-1YtrEa41lw-00ZOJl for [MeinName@web.de]; Sat, 22 Aug 2015 18:49:42 +0200
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=knoxvillelocals.com; s=s512; l=17719; x=1440856638; h=From:To: Subject:Content-Type:Date:Message-ID:List-Unsubscribe; b=bvEnyFo Y9r62ThQ45vFV+cxNB+htfVlvyF3r2AIE68f0fg/G3Zj8w0ncQyosN2QPDoET4+K SNVgzlfPB1vEoLA==
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=knoxvillelocals.com; s=s512; l=17719; x=1440856638; h=From:To: Subject:Content-Type:Date:Message-ID:List-Unsubscribe; bh=T2rkVn C3SoHWfZwCbBip7DRAs2Q=; b=BREo4+6t5hXJsrtV21sqt/RBOSZMX7ztQbyIRi D7SnBq0NC/DI9alxLJS8Pi61765tFBcb28rJqJnDVakAyfBw==
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s512; d=knoxvillelocals.com; b=igFRjyvgt/myq++XBc8udhkH+W3BvEiElLPWpbBEIGuCiiCNER4xICCBekdFssd7hQ/Dl2bj6pgx+6uDCR14YQ==;
Received: from knoxvillelocals.com [177.223.154.77] by knoxvillelocals.com [177.223.154.77]; Sat, 22 Aug 2015 09:56:08 -0500
MIME-Version: 1.0
From: Private Message[message251@knoxvillelocals.com]
To: MeinName@web.de
Subject: Sexually Explicit:8 girls sent you private message today. We think they want se**
Content-Type: multipart/alternative; boundary="-=e6b9917a4cb0114a98a0d6af4b908f56";
Date: Sat, 22 Aug 2015 09:56:08 -0500
X-Mailer: PHPSystems
Message-ID: [1-74010-lRmLiV2dA5mbh1mclhWbph2Yh9maP@vmt27.knoxvillelocals.com]
List-Unsubscribe: http://knoxvillelocals.com/1/acc2.pl?e=MeinName@web.de&m=74010
Precedence: bulk
X-Admin: postmaster@knoxvillelocals.com
Abuse-Reports-To: abuse@knoxvillelocals.com
X-Complaints-To: abuse@knoxvillelocals.com
X-Report-Abuse-To: abuse@knoxvillelocals.com
Envelope-To: [MeinName@web.de]
X-UI-Filterresults: junk:10;V01:K0:5c5Hw3kR4Z4=:0NzR+8jFw1Nb0GMhZ7I5llczFvlV IxEzayPbCSWPu6RsCeCFxKAxSxdPAbt7X5amrm1g9o2ADr5AzmJU+LLjA9sLN/McccfQYfEDo McYBqnU0u3TAQkdO3R5iOpA5ArqQRYFMgffW82iSKoYlnql8cgggZmS5a2yMptPu/DATBPHON q8Icba/eGO48oihyyISJK6vRnBz8focEgFk8iC6K9fYnSQ6V+Sy9GkiIKzqyMq3u5CwjNyVi4 23T6SdXr7lke+t7ZhGJxh1D++J7IHDhka8wjQESlw6CIaU0rswn/WwlmRVqY2e6s28WXtQTK3 BPoQhZPxw0MDno4XEfbuhqIAH/sv2MNIlO6nDIWqHDqH2hXIXCLpcHQ3A5JTcwCfrBKsjqj8l avznwZVHFX7C9gwsURbaa0HswT39MtKoA8UzcQjXtJd147jRid4nBktkBfu+EhRK5TenqveNs VciED3F4eBwlFe1Ct+v/kS1WcwivB4DdG3y7bPHdMzaAYm52g1naH6aQut0diYywaWAXskLSK xpflPJgLiA4NT94ALw03L4+a8vWT4yGNeMvm3sDhmKftE2eo7t5oRKQLUCOdSGP1Dbb0NNiVg ltER/YJn+sAk2yQ0x/PHyPJtqhkZ2eR98kG9K5PaDkQCvdPNHFNbhXRc+sxhd+wseOQ8DbI79 HKNsVjLTskLxr2UPk8ga2+h5peePckof1VkHrkR2MSv0HLTRdDIpXFoP7nP1wlyEtGcUtA7le fRix1Fy6/inPKcmLaVzQmMrASkYcPWxsooIK9SPIjNIJGwp7hbcfYeyUOEAzUf2z1BtpxpWnk Pg6TngbjZt3dKhcerU1p9F1o/aNQ3h/C8XBNViONJQ/LgOg8L9tqifIYSNnpyfOK7y4ogMl3p SMZXqUhann2JBqJ1iC39NDsUnqoggnUnPAirIITzOhZb3eHtB4gN8Ygs1auTMFYvPS6iIjYuy kGorPYE70WRxbf6iPMslQVxHX4wmFzN93PEEES56Q+pTwvhzsXSAADtui2tnPHCxUtCcIqBjF 825D3x8O5V1ZitRcpWn4Eub8muiOyxFXN02KfDPgRUn0Erc9K9XagO5RawI26F3oom3Dp3609 BtdWBlrrHsaUtZ+XONonuxJIgXpaxU48fRE7fQpCWDaODv+XksDuSAwgWjAxJ2PYNYS9cZPmb XhO3O71ZVhpwn/24+LCq1Q8OlB7EoItoff2H5mp7mROSnrJnJOanSqR/yBISDEyr/z22iAgP5 Gg5VDjFqXuHoxOX+sGu662rIVpXCTMDnBnCPLr+RxZcMhGKxP2y3ZKGJXiDnNvDNF/KGSV1fl H6LMIRfMiUG1ZlDW9G+zzoAa70Ab8rP1W6RxN5yEbNCNDyXlJjvq/w82Nbx9vkal+QB/2A9Q7 nJHSbqqAU7FdEQIC57xnIoTQ6OSo3iEYMuFuL53Q6dsAw59GEgAq8a1MsD3VUqHmLtXPiP1yA V5mSviYw1SBPsnBebLmDI2BnY4vwywFHiZm8Sd3rBTtPP1EmQIDQArqt5JEF4r3Hg6ENbDYeR Tg1Pj3J5DHq6sOPPRjNLM/BTAW17Sd1j1aMQ5bV





[http://knoxvillelocals.com/sohtaiks?e=lRmLiV2dA5mbh1mclhWbph2Yh9maP&m=74010&l=8.] (-11.)


Keine Kommentare:

Kommentar veröffentlichen

Hinweis: Nur ein Mitglied dieses Blogs kann Kommentare posten.