Spammer hosting @104.22.10.49

Spammer hosting located here:
http://wifilikes.ru/XXX/
-> http://www.info-source06.space/?cxrccodc
—> http://go.fast2tck.com/aff_c?offer_id=X
—> https://appgroundapp.com/api/v1/flows/832/click?id=X
—-> https://btcsystemweb.com/index-de.html?click=X
——> https://widgets.investous.com/AutoLogin/InitAutoLogin?oftc=X
——> https://www.investous.com:443/redirects/trade/?oftc=X

$ dig +short widgets.investous.com
widgets.investous.com.cdn.cloudflare.net.
104.22.11.49
104.22.10.49

Spam sample
====================================================================
Received: from pharmfac.net (unknown [194.141.43.23])
by X (Postfix) with ESMTP
for <hans-peter.aeberli@sisra.ch>; Tue, 10 Mar 2020 X
Received: (qmail 199949 invoked by uid 89); 10 Mar 2020 X
Received: by simscan 1.4.0 ppid: X, pid: X, t: 0.4056s
scanners: attach: 1.4.0 clamav: 0.99.2/m:
Received: from unknown (HELO 95x78x127x154.static-customer.chelny.ertelecom.ru) (nlambov@pharmfac.net@85.26.165.128)
by pharmfac.net with ESMTPA; 10 Mar 2020 X
Received:by uspmta9935.pharmfac.net id X for <X>; Tue, 10 Mar 2020 X (envelope-from <suite22@pharmfac.net>)
To: X
Message-ID: <X@uspmta868998.pharmfac.net>
Subject: Die Zahlung an das Girokonto wird bestatigt.
X-Mailer: Microsoft Windows Live Mail 15.4.3538.513
From: =?windows-1252?B?VGVjaG5pc2NoZXIgVW50ZXJzdPx0enVuZw==?= <nlambov@pharmfac.net>
MIME-Version: 1.0
List-Id: X
Precedence: bulk
X-Report-Abuse: abuse-report@pharmfac.net
X-CSA-Complaints: whitelist-complaints@pharmfac.net
Feedback-ID: X:X:serial:invest2
List-Unsubscribe: <X@pharmfac.net>
Content-Type: multipart/alternative; boundary=»X»
Date: Tue, 10 Mar 2020 X
[…]
====================================================================

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *