Spammer hosting @52.239.139.100

Spammer hosting located here:
https://xiyesqyirxvpdsrluhjj.blob.core.windows.net/X
-> https://www.glowtrk5.com/X
—> https://dahit.co/X
—> https://goldenpromi.com/41/nutislic-m-med/gps/?ac=X
—-> https://bestsupportchannel.com/41/nutislic-m-med/gps/?req-id=X

$ dig +short xiyesqyirxvpdsrluhjj.blob.core.windows.net
blob.dub07prdstr09a.store.core.windows.net.
52.239.139.100

Spam sample
====================================================================
Received: from arguanline.com (unknown [191.96.55.39])
by X (Postfix) with ESMTP id X
for <X>; Wed, 23 Dec 2020 X
Date: Wed, 23 Dec 2020 X
From: «=?UTF-8?B?WmVudHJ1bSBmw7xyIFNjaMO2bmUgRmlndXI=?=» <services@arguanline.com>
Subject: =?UTF-8?B?VmVyYnJlbm5lbiBTaWUgZGFzIEvDtnJwZXJmZXR0IG3DvGhlbG9zLCBvaG5lIEZhc3Rlbmt1ciBvZGVyIEpvam8tRWZmZWt0?=
To: X
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=»—-=X.X»
Message-Id: <X>

——=X.X
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<center>
<a href=»https://xiyesqyirxvpdsrluhjj.blob.core.windows.net/X»> <br> Unsubscribe </a>
<br><br>
<a href=»https://xiyesqyirxvpdsrluhjj.blob.core.windows.net/X» target=»_blank»>
<img src=»https://xiyesqyirxvpdsrluhjj.blob.core.windows.net/X»>
</center>
<p style=»text-align: center;»><span style=»display:none;font-size:8px;»><span style=»color:#FFFFFF;»>
[…]
====================================================================

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *