Автор: blog

>>> https://www.google.com/url?q=https%3A%2F%2Fsex-tables-here.com%2F%3Fu%3Dab3pd0x%26o%3Dnyukfp7%26m%3D1%26t%3DSUMON-A1&sa=D&sntz=1&usg=AFQjCNF9SWqmVI7Ei9YzGQkR_cwJ917cWw sex-tables-here.com. 299 IN A 185.176.27.136 ____________ Received: from mail-ot1-f58.google.com (mail-ot1-f58.google.com [209.85.210.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by xxxxx; Sat, 3 Oct 2020 11:22:56 -0400 (EDT) Received: by mail-ot1-f58.google.com with SMTP id xx.5 for xx; Sat, 03 Oct 2020 08:22:56 -0700 (PDT) https://sites.google.com/view/klo055 sites.google.com. 299 IN A 172.217.14.78

Received: from bengkaliskab.go.id (unknown [103.231.115.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by xx; Fri, 2 Oct 2020 17:22:02 -0400 (EDT) Received: from client.yota.ru (unknown [94.25.181.107]) by bengkaliskab.go.id (Postfix) with ESMTPSA id xx; Sat, 3 Oct 2020 03:22:37 +0700 (WIB) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bengkaliskab.go.id; s=default; t=xx; bh=xx Authentication-Results: bengkaliskab.go.id; spf=pass… Читать далее Using hacked servers to send spam for: love4babyestinder.blogspot.com

Received: from server.debianadmin.com (unknown [209.124.74.145]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by xx; Sun, 4 Oct 2020 12:22:44 -0400 (EDT) Received: from [94.25.181.60] (port=xx helo=client.yota.ru) by server.debianadmin.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) (envelope-from <postmaster@ubuntugeek.com>) id xx; Thu, 01 Oct 2020 01:22:09 -0400 From: Josephine van Sittart <martine.flot@ville-chalette.fr> MIME-Version:… Читать далее Using hacked servers to send spam for: finderfordates.blogspot.com

The host at this IP address (35.214.215.33) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware: http://lidoraggiodisole.it/cgi-bin/f6q_kn_tqwx/ http://lidoraggiodisole.it/cgi-bin/8UOQBZ9ZV6G/abIbkru7eP/ http://lidoraggiodisole.it/cgi-bin/ZS8mZKT2hp/ AS number: AS15169 AS name: GOOGLE Hostname: 33.215.214.35.bc.googleusercontent.com

The host at this IP address (35.208.104.82) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware: http://azraktours.com/wp-admin/FRyQpDplD/ http://azraktours.com/wp-admin/INC/iprx8mhgo7ye-000979508/ http://azraktours.com/wp-admin/INC/iprx8mhgo7ye-000979508// http://azraktours.com/wp-admin/h/ AS number: AS15169 AS name: GOOGLE Hostname: 82.104.208.35.bc.googleusercontent.com

The host at this IP address (104.196.113.47) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware: http://104.196.113.47/wp-admin/parts_service/hg7dmfkz5bt/bjgit12s75jrumi50t0/ AS number: AS15169 AS name: GOOGLE Hostname: 47.113.196.104.bc.googleusercontent.com

The host at this IP address (35.230.95.205) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware: http://35.230.95.205/vxqhj/6U2gFiQPk/ AS number: AS15169 AS name: GOOGLE Hostname: 205.95.230.35.bc.googleusercontent.com

uno-duro-grils.blogspot.com. 3599 IN CNAME blogspot.l.googleusercontent.com. blogspot.l.googleusercontent.com. 299 IN A 142.250.68.33 Received: from email.uem.mz (email.uem.mz [196.3.96.144]) by xx; Tue, 6 Oct 2020 06:22:59 -0400 (EDT) Received: from 195.54.167.152 (unknown [200.233.240.48]) by email.uem.mz (Postfix) with ESMTPSA id xx; Thu, 1 Oct 2020 00:22:33 +0200 (CAT) MessageID: xx@mashtechno.co.mz X-Mailer: KANA Light ver Reply-To:Abril <info@martindenzin.de> From: Abril <info@martindenzin.de> List-Unsubscribe:… Читать далее Using hacked servers to send spam for: uno-duro-grils.blogspot.com

https://skycollegeus-my.sharepoint.com/:w:/g/personal/erinbrown2_skycollegeus_onmicrosoft_com/EWPzum6lPlBPkRyzKH8tZH8BdEeJ-h0VTI1tMGE0AhZgGw?e=4%3alBei7j&at=9 >>> https://cldrg.com/?a=115981&c=191109&s1=mp Meta-Refresh https://cldrg.com?a=115981&c=191109&oc=82293&sr=t&s1=mp&vt=1602205614695&h=f8cfae9dc52dd4ebeef2b9a2499d4a28f8645bd1&req=https%3A%2F%2Fcldrg.com%2F%3Fa%3D115981%26c%3D191109%26s1%3Dmp&us=00000000000000000000000000000000 302 Redirect https://www.flirtsfinder.com/?ainfo=NTQ1Njd8NjkyN3w=&skin=301&i=1&xcc=115981_mp&click_id=b3eff510b22b46adbf45730d028aa863f2ea flirtsfinder.com. 10 IN A 35.203.113.247 ___________ Was: >>> https://cldrg.com/?a=xx&c=xx&s1=love Meta-Refresh https://cldrg.com?a=xx&c=xx&oc=xx&sr=t&s1=love&vt=xx&h=xx&req=https%3A%2F%2Fcldrg.com%2F%3Fa%3D115981%26c%3D162792%26s1%3Dlove&us=00000000000000000000000000000000 302 Redirect https://matchjunkie.com/dclick?campaign_id=cm_cdd2&s2=xx&s3=xx&lb=1&oid=xx 302 Redirect https://cindymatches.com/?s1=fwe&s3=cmcdd2 cldrg.com. 59 IN A 52.2.252.34 cldrg.com. 59 IN A 3.220.160.66 cldrg.com. 59 IN A 54.173.242.210 cldrg.com. 59 IN A 54.84.245.233 matchjunkie.com. 299 IN A 104.27.129.129 matchjunkie.com. 299 IN A 104.27.128.129… Читать далее Repeated spamming using sharepoint.com links to hide behind: flirtsfinder.com

They use hacked servers/accounts to send spam. See: https://www.google.com/search?q=%22epostego.com%22 udmiztore@epostego.com zoloudmila@epostego.com ;; QUESTION SECTION: ;epostego.com. IN MX ;; ANSWER SECTION: epostego.com. 21599 IN MX 10 aspmx2.googlemail.com. epostego.com. 21599 IN MX 5 alt1.aspmx.l.google.com. epostego.com. 21599 IN MX 1 aspmx.l.google.com. 74.125.137.26 epostego.com. 21599 IN MX 5 alt2.aspmx.l.google.com. epostego.com. 21599 IN MX 10 aspmx3.googlemail.com. _______ One sample: Received:… Читать далее Dating spammer email domain: epostego.com — hosted at Gmail.