Example:
Received: from 174.128.178.126 by 46.203.227.24; Mon, 03 Aug 2015 06:19:41 -0600
Message-ID: <OBQGDHMJCXMWTMUCUVHKKO@163.com>
From: "<A7>䯥<A4><CD>" <rsosmpk@163.com>
Reply-To: "<A7>䬶<A4>ͪ<BA><A8>k<A5><U+0373>̷s<A9><DB>" <iceaegrnltj@163.com>
To: QUOTED
Subject: <A7>䯥<A4>ͪ<BA><A4>k<A4>H
Date: Mon, 03 Aug 2015 17:19:41 +0500
X-Mailer: Microsoft Outlook Express 6.00.2462.0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--0901866075153714"
X-Priority: 3
X-MSMail-Priority: Normal
----0901866075153714
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable
<span style=3D"font-size:36px;"><span style=3D"color:#b22222;"><span styl=
e=3D"font-size: 28px;">=B7s=B7s=A4H=C3=FE=AA=BA=A7=DA=AD=CC=B4N=ADn=BA=C9=B1=
=A1=A8=C9=A8=FC=B3t=AD=B9=B7R=B1=A1=AA=BA=A7=D6=B7P</span></span></span></=
p>
<p>
<p>
<span style=3D"font-size:48px;"><b><a href=3D"hxxp://ppt.cc/II6He"><font =
color=3D"blue" face=3D"Arial">http://ppt.cc/II6He</font></a></b></span></p=
>

The a href always points to the same domain hxxp://ppt.cc/ and redirects to www.okbank.com.tw

I have found 55 unique IP addresses involved in this campaign
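
The observation that the a href always points to the same domain can be checked across a folder of saved messages by decoding each quoted-printable HTML part and tallying the link hosts. This is an added example, not part of the original post; the function names and the second sample path (`EXAMPLE1`) are constructed for illustration.

```python
import re
from email import message_from_bytes
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _HrefCollector(HTMLParser):  # collects the href of every <a> tag
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]


def link_hosts(raw: bytes) -> set:
    """Return the hostnames of all <a href> targets in a message's HTML parts."""
    hosts = set()
    for part in message_from_bytes(raw).walk():
        if part.get_content_type() != "text/html":
            continue
        # decode=True undoes quoted-printable, including "=" soft line breaks
        body = part.get_payload(decode=True) or b""
        collector = _HrefCollector()
        # Assumption: hrefs are ASCII, so latin-1 is a safe lossless decode
        collector.feed(body.decode("latin-1"))
        for href in collector.hrefs:
            url = re.sub(r"^hxxp", "http", href.strip(), flags=re.I)  # refang
            hosts.add(urlsplit(url).hostname)
    hosts.discard(None)  # hrefs without a host (mailto:, relative links)
    return hosts


def hosts_across(messages) -> Counter:
    """Count, per hostname, how many messages link to it."""
    return Counter(h for raw in messages for h in link_hosts(raw))


def sample(path: str) -> bytes:
    """Constructed message shaped like the sample above (not a real capture)."""
    return (
        'MIME-Version: 1.0\nContent-Type: multipart/alternative;\n'
        ' boundary="--0901866075153714"\n\n----0901866075153714\n'
        'Content-Type: text/html;\nContent-Transfer-Encoding: quoted-printable\n\n'
        f'<p><b><a href=3D"hxxp://ppt.cc/{path}"><font =\n'
        f'color=3D"blue">http://ppt.cc/{path}</font></a></b></p>\n'
        '----0901866075153714--\n'
    ).encode("ascii")
```

A host whose count equals the number of messages examined is shared by the whole set, which makes it a candidate for a mail-filter or proxy block rule.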