Spam mail leads to phishing:
Last week, I received a spam mail in my Gmail account. It gave me the message: "To view the doc, please click here and login!"
I viewed this link in a dedicated environment (for analysis). The link is hxxp://spirtbaza.com/bggle.doc/index.htm
In order to view this doc, you need to log in using any of the following accounts.
I just used a random user ID and a random password. It accepted the nonexistent ID and redirected to a Google doc page - https://productforums.google.com/forum/#!category-topic/docs/documents
I also captured the packets:
WHOIS information for spirtbaza.com:
Domain Name: SPIRTBAZA.COM
Registrar: LLC "REGISTRAR OF DOMAIN NAMES REG.RU"
Whois Server: whois.reg.ru
Referral URL: http://www.reg.ru
Name Server: NS23.RUWEB.NET
Name Server: NS45.RUWEB.NET
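
The behaviour described above (the fake login accepts any credentials and then sends the victim on to a genuine Google page) leaves a recognisable trace in web proxy logs. The following is an added detection example, not part of the original post: it assumes a simple space-separated log format and an HTTP 3xx redirect (a page that redirects by script or meta refresh would need a different check), and the hosts, paths and log lines are constructed.

```python
from urllib.parse import urlsplit

# Constructed proxy-log lines (not from the original post). Assumed format:
#   client method url status location-header
SAMPLE_LOG = """\
10.0.0.5 GET http://phish.example/doc/index.htm 200 -
10.0.0.5 POST http://phish.example/doc/login 302 https://productforums.google.com/forum/
10.0.0.7 POST https://accounts.google.com/signin 302 https://docs.google.com/document/
10.0.0.9 POST http://shop.example/cart 302 http://shop.example/checkout
10.0.0.9 GET http://news.example/ 301 https://www.google.com/
"""

# Domains of the brand being imitated (assumed list; extend per environment).
BRAND_DOMAINS = ("google.com",)


def in_brand(host):
    """True only for the brand domain itself or a real subdomain of it,
    so lookalikes such as google.com.evil.example do not match."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)


def find_harvest_redirects(log_text):
    """Return (client, posting_host, redirect_target) for every form POST to a
    non-brand host that is answered with a redirect into a brand domain."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        client, method, url, status, location = parts
        if method != "POST" or not status.startswith("3") or location == "-":
            continue
        src = urlsplit(url).hostname
        dst = urlsplit(location).hostname  # None for relative redirects
        if not in_brand(src) and in_brand(dst):
            hits.append((client, src, location))
    return hits


if __name__ == "__main__":
    for hit in find_harvest_redirects(SAMPLE_LOG):
        print(hit)
```

A hit identifies the client that submitted the form, which is the account whose password should be treated as exposed.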