Malware/Fraud Package Delivery Scam Emitter/Web Hosting!

This IP address has been sending quantities of package delivery scam emails for a bit over a week. The URI in the email is also hosted on this IP address. This is almost certainly a compromised website with a malware infection.

Received: from kob.su (kob.su [138.201.18.87])
Date: Sat, 12 Mar 2022 09:##:## +0300
From: Postnord <info@kob.su>
Reply-To: info@kob.su
Subject: Bekräfta din adress för din skickade beställning

<snip>

Observera att ditt paket fortfarande är under behandling eftersom du inte har betalat tullavgifter.
Följ instruktionerna :

Välj leveranstid för försändelsen
Köpmannens namn: Postnord
Leverans planerad till 11-03-2022

För ytterligare tjänster kan du hitta din leveransspårning genom att [ klicka här ].
[ http://kob.su/iem/link.php?<x> ]

<snip>

$ host kob.su
kob.su has address 138.201.18.87
kob.su mail is handled by 10 aspmx.l.google.com.
kob.su mail is handled by 30 aspmx2.googlemail.com.
kob.su mail is handled by 30 aspmx3.googlemail.com.
kob.su mail is handled by 20 alt2.aspmx.l.google.com.
kob.su mail is handled by 20 alt1.aspmx.l.google.com.
kob.su mail is handled by 30 aspmx5.googlemail.com.
kob.su mail is handled by 30 aspmx4.googlemail.com.

% Information related to '138.201.18.64 - 138.201.18.127'

% Abuse contact for '138.201.18.64 - 138.201.18.127' is 'abuse@hetzner.com'

inetnum: 138.201.18.64 - 138.201.18.127
netname: HETZNER-fsn1-dc8
descr: Hetzner Online GmbH
descr: Datacenter fsn1-dc8
country: DE
admin-c: HOAC1-RIPE
tech-c: HOAC1-RIPE
status: LEGACY
remarks: INFRA-AW
mnt-by: HOS-GUN
mnt-lower: HOS-GUN
mnt-routes: HOS-GUN
created: 2018-03-15T13:48:26Z
last-modified: 2018-03-15T13:48:26Z
source: RIPE

role: Hetzner Online GmbH - Contact Role
address: Hetzner Online GmbH
address: Industriestrasse 25
address: D-91710 Gunzenhausen
address: Germany
phone: +49 9831 505-0
fax-no: +49 9831 505-3
abuse-mailbox: abuse@hetzner.com
remarks: *************************************************
remarks: * For spam/abuse/security issues please contact *
remarks: * abuse@hetzner.com, or fill out the form at *
remarks: * abuse.hetzner.com, thank you. *
remarks: *************************************************
remarks:
remarks: *************************************************
remarks: * Any questions on Peering please send to *
remarks: * peering@hetzner.com *
remarks: *************************************************
org: ORG-HOA1-RIPE
admin-c: MH375-RIPE
tech-c: GM834-RIPE
tech-c: SK2374-RIPE
tech-c: TF2013-RIPE
tech-c: MF1400-RIPE
tech-c: SK8441-RIPE
nic-hdl: HOAC1-RIPE
mnt-by: HOS-GUN
created: 2004-08-12T09:40:20Z
last-modified: 2020-09-25T12:21:56Z
source: RIPE # Filtered

% Information related to '138.201.0.0/16AS24940'

route: 138.201.0.0/16
descr: HETZNER-RZ-BLK-ERX4
origin: AS24940
org: ORG-HOA1-RIPE
mnt-by: HOS-GUN
created: 2012-12-24T09:10:23Z
last-modified: 2012-12-24T09:10:23Z
source: RIPE

organisation: ORG-HOA1-RIPE
org-name: Hetzner Online GmbH
country: DE
org-type: LIR
address: Industriestrasse 25
address: D-91710
address: Gunzenhausen
address: GERMANY
phone: +49 9831 5050
fax-no: +49 9831 5053
admin-c: TF2013-RIPE
admin-c: MF1400-RIPE
admin-c: GM834-RIPE
admin-c: HOAC1-RIPE
admin-c: MH375-RIPE
admin-c: SK2374-RIPE
admin-c: SK8441-RIPE
abuse-c: HOAC1-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: HOS-GUN
mnt-by: RIPE-NCC-HM-MNT
mnt-by: HOS-GUN
created: 2004-04-17T11:07:58Z
last-modified: 2020-12-16T13:13:06Z
source: RIPE # Filtered

domain: KOB.SU
nserver: ns1.reg.ru.
nserver: ns2.reg.ru.
state: REGISTERED, DELEGATED
person: Private Person
e-mail: admin@kob.su
registrar: REGRU-SU
created: 2008-04-28T20:00:00Z
paid-till: 2022-04-28T21:00:00Z
free-date: 2022-06-01
source: TCI
