IP hosting a phish site.
ec2-54-201-107-192.us-west-2.compute.amazonaws.com. 604800 IN A 54.201.107.192
URL: http://54.201.107.192/60006/www7.htm
Server IP address is 54.201.107.192
HTTP/1.1 200 OK
Connection: close
Date: Wed, 15 Dec 2021 xx:xx:xx GMT
Accept-Ranges: bytes
Server: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.4.25
Content-Length: 10729
Content-Type: text/html
Last-Modified: Wed, 15 Dec 2021 16:15:57 GMT
<!DOCTYPE html>
[…]
<form id=»contact» method=»POST» action=»»>
<div class=»form-holder»>
<div style=»width: 100%;»>
<div class=»alert alert-danger hide alert2″></div>
</div>
<input type=»email» id=»email» name=»email» class=»form-control» value=»» placeholder=»someone@example.com» required=»»>
<input type=»password» id=»password» name=»password» placeholder=»Password» class=»form-control» required=»»>
[…]
==================================================================
Return-Path: <www@x>
Received: from mail.federalberghiriccione.it (mail.federalberghiriccione.it [195.43.168.44])
by x (Postfix) with ESMTPS id x
for <x>; Wed, 15 Dec 2021 xx:xx:xx +0100 (CET)
Received: from x (ec2-3-10-179-221.eu-west-2.compute.amazonaws.com [3.10.179.221])
(Authenticated sender: milano@federalberghiriccione.it)
by mail.federalberghiriccione.it (Postfix) with ESMTPSA id x
for <x>; Wed, 15 Dec 2021 xx:xx:xx +0100 (CET)
From: Mail Delivery System <www@x>
To: x
Subject: ***You Have 4 Unreceived Emails*** [ERORR19:00]
Date: 15 Dec 2021 xx:xx:xx +0000
MIME-Version: 1.0
Content-Type: text/html;
charset=»iso-8859-1″
Content-Transfer-Encoding: quoted-printable
X-Rspamd-Queue-Id: x
X-Spamd-Result: default: False [2.79 / 20.00];
FROM_SERVICE_ACCT(1.00)[];
HTTP_TO_IP(1.00)[];
ENVFROM_SERVICE_ACCT(1.00)[];
GENERIC_REPUTATION(-0.41)[-0.41195833665218];
MIME_HTML_ONLY(0.20)[];
RCVD_COUNT_ZERO(0.00)[0];
FROM_EQ_ENVFROM(0.00)[];
MIME_TRACE(0.00)[0:~];
TO_MATCH_ENVRCPT_ALL(0.00)[];
TO_DN_NONE(0.00)[];
ASN(0.00)[asn:16509, ipnet:3.8.0.0/14, country:US];
FROM_HAS_DN(0.00)[];
RCPT_COUNT_ONE(0.00)[1];
MID_RHS_MATCH_FROM(0.00)[]
X-Rspamd-Server: mail.federalberghiriccione.it
X-Original-Message-ID: <x@x>
Notification
Dear User,
You have 4 Unreceived Clustered Emails on 15^th- December — 2021, not
delivered to Inbox.
This was due to a system delay.
Rectify Below:
<A […] href=»http://54.201.107.192/60006/www7.htm» […]>Release Pending Message To Inbox </A>
x email support