Spam Hosting (ukraine-vs-russia.com)

This IP address hosts ukraine-vs-russia.com, the landing page in a large spam blast currently being sent from an unnamed VPS server at VPSNet Latvia. The spam urges recipients to click a link to "vote" on whether they support Russia or Ukraine in the current conflict. Spamhaus has not checked the link, but "click bait" of this sort frequently leads to a scam, a website that hosts drive-by malware, or both.

SPAM SAMPLE:

Received: from ubuntu.localdomain (unknown [94.176.189.194])
Date: Sat, 26 Feb 2022 08:##:## +0000
From: Ukraine-vs-Russia <noreply@ukraine-vs-russia.com>
Subject: Vote for Ukraine vs. Russia. What do you support?

<snip>

Ukraine vs. Russia

Which side do you support on Russian invasion of Ukraine?

[ Vote now! ]
[[ https://srv196.naujienlaiskiu-siuntimas.lt/<x> ]]
[[ Redirects to => https://ukraine-vs-russia.com/ ]]

<snip>

HOST LOOKUP:

$ host srv196.naujienlaiskiu-siuntimas.lt
srv196.naujienlaiskiu-siuntimas.lt has address 94.176.189.196

$ host 94.176.189.196
196.189.176.94.in-addr.arpa domain name pointer srv196.naujienlaiskiu-siuntimas.lt.

$ host ukraine-vs-russia.com
ukraine-vs-russia.com has address 162.55.162.190
ukraine-vs-russia.com mail is handled by 10 mail.ukraine-vs-russia.com.

$ host mail.ukraine-vs-russia.com.
mail.ukraine-vs-russia.com has address 92.61.37.175

WHOIS:

% Information related to '94.176.189.192 - 94.176.189.255'

% Abuse contact for '94.176.189.192 - 94.176.189.255' is 'abuse@vpsnet.lt'

inetnum: 94.176.189.192 - 94.176.189.255
netname: Maileap
country: LT
admin-c: NM7164-RIPE
tech-c: NM7164-RIPE
status: ASSIGNED PA
mnt-by: JS76764-MNT
created: 2021-03-22T16:34:40Z
last-modified: 2021-03-22T16:34:40Z
source: RIPE

person: Maileap Hostmaster
address: Donelaicio 33 Kaunas
phone: +44 20 80 899 522
nic-hdl: NM7164-RIPE
mnt-by: JS76764-MNT
created: 2017-09-26T10:21:35Z
last-modified: 2021-03-22T16:27:44Z
source: RIPE

% Information related to '94.176.189.0/24AS61053'

route: 94.176.189.0/24
origin: AS61053
mnt-by: JS76764-MNT
created: 2018-05-17T14:37:35Z
last-modified: 2018-05-17T14:38:04Z
source: RIPE

% Information related to '162.55.0.0 - 162.55.255.255'

% Abuse contact for '162.55.0.0 - 162.55.255.255' is 'abuse@hetzner.com'

inetnum: 162.55.0.0 - 162.55.255.255
netname: DE-HETZNER-19920803
country: DE
org: ORG-HOA1-RIPE
admin-c: HOAC1-RIPE
tech-c: HOAC1-RIPE
status: LEGACY
mnt-by: RIPE-NCC-LEGACY-MNT
mnt-by: HOS-GUN
mnt-lower: HOS-GUN
mnt-domains: HOS-GUN
mnt-routes: HOS-GUN
created: 2019-11-18T15:01:35Z
last-modified: 2019-11-18T15:01:35Z
source: RIPE

organisation: ORG-HOA1-RIPE
org-name: Hetzner Online GmbH
country: DE
org-type: LIR
address: Industriestrasse 25
address: D-91710
address: Gunzenhausen
address: GERMANY
phone: +49 9831 5050
fax-no: +49 9831 5053
admin-c: TF2013-RIPE
admin-c: MF1400-RIPE
admin-c: GM834-RIPE
admin-c: HOAC1-RIPE
admin-c: MH375-RIPE
admin-c: SK2374-RIPE
admin-c: SK8441-RIPE
abuse-c: HOAC1-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: HOS-GUN
mnt-by: RIPE-NCC-HM-MNT
mnt-by: HOS-GUN
created: 2004-04-17T11:07:58Z
last-modified: 2020-12-16T13:13:06Z
source: RIPE # Filtered

role: Hetzner Online GmbH - Contact Role
address: Hetzner Online GmbH
address: Industriestrasse 25
address: D-91710 Gunzenhausen
address: Germany
phone: +49 9831 505-0
fax-no: +49 9831 505-3
abuse-mailbox: abuse@hetzner.com
remarks: *************************************************
remarks: * For spam/abuse/security issues please contact *
remarks: * abuse@hetzner.com, or fill out the form at *
remarks: * abuse.hetzner.com, thank you. *
remarks: *************************************************
remarks:
remarks: *************************************************
remarks: * Any questions on Peering please send to *
remarks: * peering@hetzner.com *
remarks: *************************************************
org: ORG-HOA1-RIPE
admin-c: MH375-RIPE
tech-c: GM834-RIPE
tech-c: SK2374-RIPE
tech-c: TF2013-RIPE
tech-c: MF1400-RIPE
tech-c: SK8441-RIPE
nic-hdl: HOAC1-RIPE
mnt-by: HOS-GUN
created: 2004-08-12T09:40:20Z
last-modified: 2020-09-25T12:21:56Z
source: RIPE # Filtered

% Information related to '162.55.0.0/16AS24940'

route: 162.55.0.0/16
org: ORG-HOA1-RIPE
descr: HETZNER-DC
origin: AS24940
mnt-by: HOS-GUN
created: 2021-03-09T11:08:53Z
last-modified: 2021-03-09T11:08:53Z
source: RIPE

% Information related to '92.61.36.0 - 92.61.37.255'

% Abuse contact for '92.61.36.0 - 92.61.37.255' is 'abuse@telia.lt'

inetnum: 92.61.36.0 - 92.61.37.255
netname: Telia-Lietuva
descr: PBAS hosting system LAN
country: LT
admin-c: HSHM-RIPE
tech-c: HSHM-RIPE
status: ASSIGNED PA
mnt-by: MNT-LT-HOSTEX
created: 2008-06-20T15:00:51Z
last-modified: 2017-02-01T05:46:49Z
source: RIPE # Filtered

role: Telia Lietuva DC Hostmaster
address: Telia Lietuva, AB
address: Saltoniskiu g. 7A, LT-03501 Vilnius
address: Lithuania
abuse-mailbox: pagalba@hostex.lt
admin-c: LTIN3-RIPE
tech-c: LTIN3-RIPE
nic-hdl: HSHM-RIPE
mnt-by: MNT-LT-HOSTEX
created: 2007-12-07T14:21:58Z
last-modified: 2019-05-20T04:15:24Z
source: RIPE # Filtered

% Information related to '92.61.37.0/24AS43811'

route: 92.61.37.0/24
descr: Telia Lietuva, AB
origin: AS43811
mnt-by: MNT-LT-HOSTEX
created: 2020-07-01T06:53:58Z
last-modified: 2020-07-01T06:53:58Z
source: RIPE

Domain: naujienlaiskiu-siuntimas.lt
Status: registered
Registered: 2012-08-09
Expires: 2022-08-10
%
Registrar: Telia Lietuva, AB
Registrar website: http://www.hostex.lt
Registrar email: domains@hostex.lt
%
Contact organization: Telia Lietuva, AB
Contact email: domains@hostex.lt
%
Nameserver: ns3.hostex.lt
Nameserver: ns4.hostex.lt
Nameserver: ns1.hostex.lt
Nameserver: ns2.hostex.lt

[whois.name.com]
Domain Name: UKRAINE-VS-RUSSIA.COM
Registry Domain ID: 2620534465_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.name.com
Registrar URL: http://www.name.com
Updated Date: 2021-06-18T10:57:22Z
Creation Date: 2021-06-18T10:57:22Z
Registrar Registration Expiration Date: 2022-06-18T10:57:22Z
Registrar: Name.com, Inc.
Registrar IANA ID: 625
Reseller:
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Non-Public Data
Registrant Organization: ID forty six, UAB
Registrant Street: Non-Public Data
Registrant City: Non-Public Data
Registrant State/Province: Kaunas
Registrant Postal Code: 00000
Registrant Country: LT
Registrant Phone: Non-Public Data
Registrant Email: https://www.name.com/contact-domain-whois/ukraine-vs-russia.com/registrant
Registry Admin ID: Not Available From Registry
Admin Name: Non-Public Data
Admin Organization: Non-Public Data
Admin Street: Non-Public Data
Admin City: Non-Public Data
Admin State/Province: Non-Public Data
Admin Postal Code: 00000
Admin Country: AB
Admin Phone: Non-Public Data
Admin Email: https://www.name.com/contact-domain-whois/ukraine-vs-russia.com/admin
Registry Tech ID: Not Available From Registry
Tech Name: Non-Public Data
Tech Organization: Non-Public Data
Tech Street: Non-Public Data
Tech City: Non-Public Data
Tech State/Province: Non-Public Data
Tech Postal Code: 00000
Tech Country: AB
Tech Phone: Non-Public Data
Tech Email: https://www.name.com/contact-domain-whois/ukraine-vs-russia.com/tech
Name Server: ns1dns.name.com
Name Server: ns2fgp.name.com
Name Server: ns3cqz.name.com
Name Server: ns4lny.name.com
DNSSEC: unSigned
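
CORRELATION (added example, not part of the original listing): the script below matches each IP seen in the spam sample and host lookups against the RIPE inetnum ranges quoted above, to show which network and abuse contact covers each piece of the campaign. The embedded inputs are copied from this page; the function names and the "spam source" label are assumptions of this example.

```python
import ipaddress
import re

# Constructed input: lines copied from the spam sample and host lookups above.
EVIDENCE = """\
Received: from ubuntu.localdomain (unknown [94.176.189.194])
srv196.naujienlaiskiu-siuntimas.lt has address 94.176.189.196
ukraine-vs-russia.com has address 162.55.162.190
mail.ukraine-vs-russia.com has address 92.61.37.175
"""
# Constructed input: the abuse-contact/inetnum/netname lines from the WHOIS above.
WHOIS = """\
% Abuse contact for '94.176.189.192 - 94.176.189.255' is 'abuse@vpsnet.lt'
inetnum: 94.176.189.192 - 94.176.189.255
netname: Maileap
% Abuse contact for '162.55.0.0 - 162.55.255.255' is 'abuse@hetzner.com'
inetnum: 162.55.0.0 - 162.55.255.255
netname: DE-HETZNER-19920803
% Abuse contact for '92.61.36.0 - 92.61.37.255' is 'abuse@telia.lt'
inetnum: 92.61.36.0 - 92.61.37.255
netname: Telia-Lietuva
"""
# Accept "-" or a typographic dash and any quote style, since pasted reports often alter them.
DASH = r"\s*[-\u2013\u2014]\s*"
ABUSE_RE = re.compile(r"Abuse contact for \W?([\d.]+)" + DASH + r"([\d.]+)\W? is \W?([\w.@-]+)")
INETNUM_RE = re.compile(r"inetnum:\s*([\d.]+)" + DASH + r"([\d.]+)\s+netname:\s*(\S+)")

def parse_observed(text):
    """Map 'spam source' and each resolved hostname to the IP address observed for it."""
    seen = {}
    for line in text.splitlines():
        if m := re.match(r"Received: from \S+ \(\S+ \[([\d.]+)\]\)", line):
            seen["spam source"] = m[1]
        elif m := re.match(r"(\S+) has address ([\d.]+)", line):
            seen[m[1]] = m[2]
    return seen

def parse_allocations(whois_text):
    """Return (first_ip, last_ip, netname, abuse_contact) for every inetnum object."""
    abuse = {(m[1], m[2]): m[3] for m in ABUSE_RE.finditer(whois_text)}
    return [(ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2]), m[3], abuse.get((m[1], m[2])))
            for m in INETNUM_RE.finditer(whois_text)]

def correlate(observed, allocations):
    """Group observed hosts under the (netname, abuse contact) whose range contains them."""
    groups = {}
    for name, ip in observed.items():
        addr = ipaddress.ip_address(ip)
        for first, last, netname, contact in allocations:
            if first <= addr <= last:
                groups.setdefault((netname, contact), []).append(name)
    return groups
```

Run on the data above, the sending IP and the click redirector both fall inside the same "Maileap" assignment, while the landing page and the MX host sit on two other networks with their own abuse contacts.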
