Malware distribution @35.214.215.33

The host at this IP address (35.214.215.33) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware:

http://lidoraggiodisole.it/cgi-bin/f6q_kn_tqwx/
http://lidoraggiodisole.it/cgi-bin/8UOQBZ9ZV6G/abIbkru7eP/
http://lidoraggiodisole.it/cgi-bin/ZS8mZKT2hp/

AS number: AS15169
AS name: GOOGLE
Hostname: 33.215.214.35.bc.googleusercontent.com

Filed under google.com

Malware distribution @35.208.104.82

The host at this IP address (35.208.104.82) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware:

http://azraktours.com/wp-admin/FRyQpDplD/
http://azraktours.com/wp-admin/INC/iprx8mhgo7ye-000979508/
http://azraktours.com/wp-admin/INC/iprx8mhgo7ye-000979508//
http://azraktours.com/wp-admin/h/

AS number: AS15169
AS name: GOOGLE
Hostname: 82.104.208.35.bc.googleusercontent.com

Filed under google.com

Malware distribution @104.196.113.47

The host at this IP address (104.196.113.47) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware:

http://104.196.113.47/wp-admin/parts_service/hg7dmfkz5bt/bjgit12s75jrumi50t0/

AS number: AS15169
AS name: GOOGLE
Hostname: 47.113.196.104.bc.googleusercontent.com

Filed under google.com

Malware distribution @35.230.95.205

The host at this IP address (35.230.95.205) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware:

http://35.230.95.205/vxqhj/6U2gFiQPk/

AS number: AS15169
AS name: GOOGLE
Hostname: 205.95.230.35.bc.googleusercontent.com

Filed under google.com

Using hacked servers to send spam for: uno-duro-grils.blogspot.com

uno-duro-grils.blogspot.com. 3599 IN CNAME blogspot.l.googleusercontent.com.
blogspot.l.googleusercontent.com. 299 IN A 142.250.68.33

Received: from email.uem.mz (email.uem.mz [196.3.96.144]) by xx; Tue, 6 Oct 2020 06:22:59 -0400 (EDT)
Received: from 195.54.167.152 (unknown [200.233.240.48]) by email.uem.mz (Postfix) with ESMTPSA id xx; Thu, 1 Oct 2020 00:22:33 +0200 (CAT)
MessageID: xx@mashtechno.co.mz
X-Mailer: KANA Light ver
Reply-To:Abril <info@martindenzin.de>
From: Abril <info@martindenzin.de>
List-Unsubscribe:…

Filed under google.com

Repeated spamming using sharepoint.com links to hide behind: flirtsfinder.com

https://skycollegeus-my.sharepoint.com/:w:/g/personal/erinbrown2_skycollegeus_onmicrosoft_com/EWPzum6lPlBPkRyzKH8tZH8BdEeJ-h0VTI1tMGE0AhZgGw?e=4%3alBei7j&at=9
>>> https://cldrg.com/?a=115981&c=191109&s1=mp
Meta-Refresh https://cldrg.com?a=115981&c=191109&oc=82293&sr=t&s1=mp&vt=1602205614695&h=f8cfae9dc52dd4ebeef2b9a2499d4a28f8645bd1&req=https%3A%2F%2Fcldrg.com%2F%3Fa%3D115981%26c%3D191109%26s1%3Dmp&us=00000000000000000000000000000000
302 Redirect https://www.flirtsfinder.com/?ainfo=NTQ1Njd8NjkyN3w=&skin=301&i=1&xcc=115981_mp&click_id=b3eff510b22b46adbf45730d028aa863f2ea

flirtsfinder.com. 10 IN A 35.203.113.247
___________
Was:
>>> https://cldrg.com/?a=xx&c=xx&s1=love
Meta-Refresh https://cldrg.com?a=xx&c=xx&oc=xx&sr=t&s1=love&vt=xx&h=xx&req=https%3A%2F%2Fcldrg.com%2F%3Fa%3D115981%26c%3D162792%26s1%3Dlove&us=00000000000000000000000000000000
302 Redirect https://matchjunkie.com/dclick?campaign_id=cm_cdd2&s2=xx&s3=xx&lb=1&oid=xx
302 Redirect https://cindymatches.com/?s1=fwe&s3=cmcdd2

cldrg.com. 59 IN A 52.2.252.34
cldrg.com. 59 IN A 3.220.160.66
cldrg.com. 59 IN A 54.173.242.210
cldrg.com. 59 IN A 54.84.245.233
matchjunkie.com. 299 IN A 104.27.129.129
matchjunkie.com. 299 IN A 104.27.128.129…

Filed under google.com

Dating spammer email domain: epostego.com — hosted at Gmail.

They use hacked servers/accounts to send spam. See: https://www.google.com/search?q=%22epostego.com%22

udmiztore@epostego.com
zoloudmila@epostego.com

;; QUESTION SECTION:
;epostego.com. IN MX

;; ANSWER SECTION:
epostego.com. 21599 IN MX 10 aspmx2.googlemail.com.
epostego.com. 21599 IN MX 5 alt1.aspmx.l.google.com.
epostego.com. 21599 IN MX 1 aspmx.l.google.com. 74.125.137.26
epostego.com. 21599 IN MX 5 alt2.aspmx.l.google.com.
epostego.com. 21599 IN MX 10 aspmx3.googlemail.com.
_______
One sample:
Received:…

Filed under google.com

Using hacked servers to send spam for: blog-formeetingbest-babyes.blogspot.com

http://blog-formeetingbest-babyes.blogspot.com/

;; QUESTION SECTION:
;blog-formeetingbest-babyes.blogspot.com. IN A

;; ANSWER SECTION:
blog-formeetingbest-babyes.blogspot.com. 3599 IN CNAME blogspot.l.googleusercontent.com.
blogspot.l.googleusercontent.com. 299 IN A 142.250.68.97

Received: from mail.mountainroad.de (mail.mountainroad.de [49.12.113.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by xx; Mon, 12 Oct 2020 00:22:15 -0400 (EDT)
From: Clelia Van Dyk <ali.standerwick@wessexwater.co.uk>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wessexwater.co.uk;…

Filed under google.com

Spamvertised website

Received: from fvwnsuxfjv.co.uk (104.46.231.244 [104.46.231.244])
From: Heart Health Trick <contact.[]
Subject: [], THIRTEEN X The Risk Of Heart Attack Due To THIS?
Date: Mon, 12 Oct 2020 19:1x:xx +0100

URL: https://storage.googleapis.com/[]
Server IP address is 216.58.195.80
=> URL: http://r2.azwestern.space/rdt/[]
Server IP address is 159.203.56.19
=> Location: https://www.airtaryo.com/[]
Server IP address is 188.119.120.49
=> Location: https://www.efphysio-thirdelement.com/[]/?sub1=[]&sub2=[]…

Filed under google.com

Using hacked servers to send spam for: club-4meetingvip-babyes.blogspot.com

http://club-4meetingvip-babyes.blogspot.com

;; QUESTION SECTION:
;club-4meetingvip-babyes.blogspot.com. IN A

;; ANSWER SECTION:
club-4meetingvip-babyes.blogspot.com.blogspot.com. 3599 IN CNAME blogspot.l.googleusercontent.com.
blogspot.l.googleusercontent.com. 299 IN A 142.250.68.97

Received: from mail.ecloud.global (mail.ecloud.global [135.181.85.105]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by xxx; Mon, 12 Oct 2020 17:47:19 -0400 (EDT)
Received: from authenticated-user (mail.ecloud.global [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384…

Filed under google.com