Repeated spamming using sharepoint.com links to hide behind: flirtsfinder.com

https://skycollegeus-my.sharepoint.com/:w:/g/personal/erinbrown2_skycollegeus_onmicrosoft_com/EWPzum6lPlBPkRyzKH8tZH8BdEeJ-h0VTI1tMGE0AhZgGw?e=4%3alBei7j&at=9

>>> https://cldrg.com/?a=115981&c=191109&s1=mp

Meta-Refresh

https://cldrg.com?a=115981&c=191109&oc=82293&sr=t&s1=mp&vt=1602205614695&h=f8cfae9dc52dd4ebeef2b9a2499d4a28f8645bd1&req=https%3A%2F%2Fcldrg.com%2F%3Fa%3D115981%26c%3D191109%26s1%3Dmp&us=00000000000000000000000000000000

302 Redirect

https://www.flirtsfinder.com/?ainfo=NTQ1Njd8NjkyN3w=&skin=301&i=1&xcc=115981_mp&click_id=b3eff510b22b46adbf45730d028aa863f2ea

flirtsfinder.com. 10 IN A 35.203.113.247

___________

Was:

>>> https://cldrg.com/?a=xx&c=xx&s1=love

Meta-Refresh

https://cldrg.com?a=xx&c=xx&oc=xx&sr=t&s1=love&vt=xx&h=xx&req=https%3A%2F%2Fcldrg.com%2F%3Fa%3D115981%26c%3D162792%26s1%3Dlove&us=00000000000000000000000000000000

302 Redirect

https://matchjunkie.com/dclick?campaign_id=cm_cdd2&s2=xx&s3=xx&lb=1&oid=xx

302 Redirect

https://cindymatches.com/?s1=fwe&s3=cmcdd2

cldrg.com. 59 IN A 52.2.252.34
cldrg.com. 59 IN A 3.220.160.66
cldrg.com. 59 IN A 54.173.242.210
cldrg.com. 59 IN A 54.84.245.233

matchjunkie.com. 299 IN A 104.27.129.129
matchjunkie.com. 299 IN A 104.27.128.129
matchjunkie.com. 299 IN A 172.67.194.64

cindymatches.com. 299 IN A 172.67.74.62
cindymatches.com. 299 IN A 104.26.9.224
cindymatches.com. 299 IN A 104.26.8.224

____________________

Was:

>>> track.redirecttrack1.com/click?pid=xx&offer_id=659&sub1=love

302 Redirect

https://mediatransits.g2afse.com/click?pid=2&offer_id=56&sub3=5f750e4396c6540001d0b999

302 Redirect

https://securesafemembers.com/hit.php?s=950&p=1&a=108482&t=0&bop=1&bo=1&bon=straight&extra=5f750e44125d990001bcfb12&c=2

302 Redirect

https://securesafemembers.com/newhit.php?s=950&p=1&a=108482&t=0&bop=1&bo=1&bon=straight&extra=5f750e44125d990001bcfb12&c=2

301 Redirect

http://uhitit.com/whalecash.php?tourid=46&s=950&p=1&a=108482&t=0&bop=1&bo=1&bon=straight&extra=5f750e44125d990001bcfb12&c=2&original_program=1&program=1&ref=&referrer=&site=950&affiliate=108482&ipv4=167775344&tour=0&campaign=2&console=0&mpa3id=0&ip=10.0.12.112&mpa3track=MTA4NDgyfDk1MHwxfDB8Mg==

302 Redirect

http://uhitit.com/click.php?tourid=46&c=242&track=3|:|108482|:|whalecash:|:950:|:108482:|:1:|:0:|:2:|:5f750e44125d990001bcfb12:|:104.219.248.110|:||:||:|

302 Redirect

>>> https://a-202009302424686032.uhitit.com/tours/116/1/index.php?aid=1&t=3|:|xx|:|whalecash:|:xx:|:xx:|:1:|:0:|:2:|:xx:|:xx|:||:||:|&clickid=xx&niche=default&email=¬rack=&campaignid=242&username=&firstname=&lastname=

;; ANSWER SECTION:
mediatransits.g2afse.com. 299 IN CNAME mediatransits.affise.com.
mediatransits.affise.com. 299 IN A 212.32.252.71

;; ANSWER SECTION:
track.redirecttrack1.com. 14305 IN CNAME bilbono.g2afse.com.
bilbono.g2afse.com. 3505 IN CNAME bilbono.affise.com.
bilbono.affise.com. 205 IN A 212.32.254.138

xx.uhitit.com. 59 IN A 34.218.52.233
xx.uhitit.com. 59 IN A 52.43.115.209

___________

Was:

>>> https://go.cm-trk3.com/rd.html?go=https%3A%2F%2Fonxgoa.datetofcuk.net%2Fc%2Fda57dc555e50572d%3Fs1%3D22014%26s2%3D1120016%26s3%3D19649%26s5%3D%26click_id%xx%26j1%3D1%26j3%3D1

;go.cm-trk3.com. IN A

;; ANSWER SECTION:
go.cm-trk3.com. 3510 IN CNAME track.cpamatica.com.
track.cpamatica.com. 59 IN A 173.0.157.217

;onxgoa.datetofcuk.net. IN A

;; ANSWER SECTION:
onxgoa.datetofcuk.net. 3460 IN CNAME llbkq.abtrcker.com.
llbkq.abtrcker.com. 3542 IN CNAME j1.jump6geo.com.
j1.jump6geo.com. 59 IN A 54.205.191.137

_____________________

Was:
[13.107.136.9] https://lu9-my.sharepoint.com/:u:/g/personal/hakzuj_5tb_in/EQpd2YvKMshGvdn-bICF_zYBU1ARRymleM59A4u54tAkCg?e=4%3aIAmcGt&at=9

[13.107.136.9] https://lu9-my.sharepoint.com/:u:/g/personal/meosav_5tb_in/EWPKWNt4XBpNgOfOoobCNHkBHdYmhbBOGWpya_EciUcAOg?e=4%3af8NDY2&at=9

[13.107.136.9] https://studentmtsac-my.sharepoint.com/:w:/g/personal/rmarshal_student_mtsac_edu/EZyjbUnYtDZGocXVWmnmEvgBfVDqQKspvsh3LHBuPT4BWw?e=4%3aLb3TyY&at=9

[13.107.136.9] https://mailccsf-my.sharepoint.com/:w:/g/personal/pwallac5_mail_ccsf_edu/EeKD5sZ7CRZLi9GEk1UpYs4B49Nw4eDPPmarvl5QWsmE3g?e=4%3aXRK1An&at=9

[13.107.136.9] https://lu9-my.sharepoint.com/:u:/g/personal/gijnil_5tb_in/EcXSlDzXKkVAr6RqMWsBLmYBTitGqOoZqOzNAvAHSeJd1w?e=4%3ambw7gv&at=9

Received: from APC01-HK2-obe.outbound.protection.outlook.com (mail-eopbgr1300122.outbound.protection.outlook.com [40.107.130.122])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by xxxxx; Mon, 14 Sep 2020 22:14:20 -0400 (EDT)
Subject: Lissa Huynh shared «WhatsApp Chat-Now» with you.
Cc: Lissa Huynh <gijnil@5tb.in>
From: Lissa Huynh <no-reply@sharepointonline.com>
MIME-Version: 1.0
Content-Type: multipart/related; boundary=»=-x+x==»;
type=»text/html»

Lissa Huynh shared a file with you

Here’s the document that Lissa Huynh shared with you.
icon WhatsApp Chat-Now
permission globe icon This link will work for anyone.
Open

Опубликовано
В рубрике google.com

Добавить комментарий

Ваш адрес email не будет опубликован.