Category: namecheap.com
Spamvertised website
Received: from mail-io1-xd30.google.com ([2607:f8b0:4864:20::d30])
From: Temobase Store <tranghue1990@gmail.com>
Reply-To: nancy@temogear.com
Date: Thu, 14 Oct 2021 19:26:23 -0700
Subject:You’d love these [] shirts

https://printsify.xyz/[] 68.65.123.54
https://tikidesigns.xyz/[] 198.54.126.123
https://www.kustombasez.com/products/[] 185.33.94.234
phishing server
wfbankconnectsecure.com has address 66.29.143.97
helpinfologin.com has address 66.29.143.97
mobile-check-online.com has address 66.29.143.97
mobile-check-your-account.com has address 66.29.143.97
support-check-your-account.com has address 66.29.143.97
phishing server
mobile-wf-failed.com has address 66.29.143.79
login-denied-center.com has address 66.29.143.79
login-denied-info.com has address 66.29.143.79
login-failed-mob.com has address 66.29.143.79
spam support (domains)
domain used in spam operation 45ujh45.xyz|192.64.119.156
Spamvertised website
Received: from mail-ot1-f67.google.com (mail-ot1-f67.google.com [209.85.210.67])
From: "Marla J. Martino" <tranngan225@gmail.com>
Reply-To: tranngan225@gmail.com
Date: Fri, 1 Oct 2021 07:25:54 -0700
Subject: [SALE OFF] []’s Family Tee Shirt Collection

https://tanametee.com/searchname?q=[] 68.65.120.217
https://teefaname004.com/search?q=[] 198.54.120.85
https://dhktshop.com/_/search?q=[] 35.244.233.73
Phishing payload
$ host info-passport.me
info-passport.me has address 199.188.201.34

This site hosts a phishing payload against the NHS. It is only accessible from UK IPs.
phishing server
online-company-services.com has address 66.29.131.85
alerts-info-card-mob.com has address 66.29.131.85
info-contact-us.com has address 66.29.131.85
access-helping.com has address 66.29.131.85
info-notify-wf.com has address 66.29.131.85
access-action-required.com has address 66.29.131.85
Bank phishing redirector
hxxp[://]winner2100k[.]xyz is an active bank phishing redirector.

$ host winner2100k.xyz
winner2100k.xyz has address 192.64.119.196