Spammer hosting @104.21.63.238

Spammer hosting located here:
https://trk.klclick3.com/ls/click?upn=X
-> https://nostalgicgig.com/0/0/0/X
—> https://greenfeelingz.com/de-shark-1/index_2.php?id=X&s1=X&s2=X&s3=X
—> https://greenfeelingz.com/de-shark-1/?X
—-> https://bibcart.com/click?trvid=X&s2=X&s1=X&s3=X
——> https://vkgtrack.com/?a=X&oc=X&c=X&s2=X
——> https://shop5.ultramaxtestoenhancer.com/#/de/main/?campaign=X&subid1=X&subid2=&subid3=X&subid4=&temp=X

$ dig +short greenfeelingz.com
104.21.63.238
172.67.173.27

Spam sample
==============================
Received: from mail-ua1-f49.google.com (mail-ua1-f49.google.com [209.85.222.49])
by X (Postfix) with ESMTPS id X
for <X>; Sat, 20 Nov 2021 X
Received: by mail-ua1-f49.google.com with SMTP id X
for <X>; Sat, 20 Nov 2021 X
DKIM-Signature: X
X-Google-DKIM-Signature: X
X-Gm-Message-State: X
X-Google-Smtp-Source: X
X-Received: by 2002:a9f:3e01:: with SMTP id X;
Sat, 20 Nov 2021 X
To: X
From: «Original TestoUltra» <erihompson22+tttttt859*/fk@googlemail.com>
Date: Sat, 20 Nov 2021 X
Message-ID: <X@mail.gmail.com>
In-Reply-To: <X@mx.google.com>
References: <X@mx.google.com>
Subject: Re: HARTE UND LANGE EREKTIONEN HCHSTE LUST!!qOFyF
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: base64
Content-Disposition: inline
Precedence: bulk
X-Autoreply: yes
Auto-Submitted: auto-replied
[…]
==============================

Добавить комментарий

Ваш адрес email не будет опубликован.