Huge malvertising campaign and scam

A huge and aggressive malvertising campaign, and in some cases a scam, has hit Italy and Europe generally. It is quite aggressive (3 emails every 25 minutes), and the email bodies contain templates for other phishing attempts. No malware has been found so far, only account manipulation. The Reply-To often points to rambler and gmail addresses. Behind everything there seems to be a domain called affpartners.com (nothing on it), and that domain uses efty.com as its hosting provider.
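
As an added example (not part of the original post), the traits described above can be checked on a raw message: a Message-ID under affpartners.com with a different From domain, a Reply-To on gmail or rambler, and a link to the storage.googleapis.com/akesel/ redirector that appears in the samples listed on this page. The function names and the two sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Indicators taken from the page.
MSGID_DOMAIN = "affpartners.com"
REDIRECT_PREFIX = "https://storage.googleapis.com/akesel/"
FREEMAIL = {"gmail.com", "rambler.ru"}  # Reply-To providers seen in the samples


def _domain(value: str) -> str:
    """Lower-cased domain of an address or Message-ID, '' if there is none."""
    value = value.strip().strip("<>")
    return value.rsplit("@", 1)[1].lower() if "@" in value else ""


def _text(msg) -> str:
    """Concatenate all text parts, decoding transfer encodings."""
    parts = []
    for part in msg.walk():
        if not part.is_multipart() and part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            parts.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def campaign_traits(raw: str) -> list[str]:
    """Return which of the campaign's traits a raw RFC 5322 message shows."""
    msg = message_from_string(raw)
    from_dom = _domain(parseaddr(msg.get("From", ""))[1])
    reply_dom = _domain(parseaddr(msg.get("Reply-To", ""))[1])
    msgid_dom = _domain(msg.get("Message-ID", ""))
    traits = []
    if msgid_dom == MSGID_DOMAIN and from_dom != MSGID_DOMAIN:
        traits.append("message-id-domain")   # Message-ID minted by another domain
    if reply_dom in FREEMAIL and reply_dom != from_dom:
        traits.append("freemail-reply-to")   # replies diverted to a freemail box
    if REDIRECT_PREFIX in _text(msg):
        traits.append("redirector-link")     # shared cloud-storage redirector
    return traits


# Constructed sample messages (local parts and IDs are placeholders).
SUSPECT = "\n".join([
    "From: Offers <newsletter.placeholder@mediadkim.com>",
    "Reply-To: placeholder@rambler.ru",
    "Message-ID: <constructed-0001@affpartners.com>",
    "Subject: constructed sample",
    "",
    "Claim here: https://storage.googleapis.com/akesel/akesel.html#/rd/PLACEHOLDER",
])
BENIGN = "\n".join([
    "From: News <news@example.org>",
    "Message-ID: <constructed-0002@example.org>",
    "Subject: constructed sample",
    "",
    "Read more at https://example.org/news",
])
```

A message showing two or more traits is a reasonable candidate for quarantine; the Message-ID check alone is the trait shared by most of the samples listed here.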

Alienvault OTX IoC

phishing campaign

NORTON
Your norton security subscrioption has expired

newsletter.cqmp00oqiy@vuwdqproq.com
message id: o4034Xhrzx5377554szzs20607lLH1092AnAW20.6.GRB6489466924@affpartners.com
ds9v@vuwdqproq.com-o4034Xhrzx5377554szzs20607lLH1092AnAW20 (c4034enzBG5377554ZoHe20607hpE1092epcX20.mail.126.com. 185.144.28.169
vuwdqproq.com (vuwdqproq.com. [185.144.28.169])

AMAZON
Attn Please: Your [A.M.A.Z.O.N]🎁 Reward Has Arrived This Month.. No.421525

newsletter.97323@agiuvdbcxdirh.com
newsletter@onmicrosoft.com
195.123.242.77
REPLY TO: wendzichmartin@gmail.com
LINK https://storage.googleapis.com/akesel/akesel.html#/rd/c4044XZOpr10842428rlXH187165Qtm1097rTQo440
https://theshoppsurvey.com/visitor_us/index_14_d.php?device_name=Desktop&browser_name=Firefox&language=en-US&city=Milledgeville&clickid=7aec6h98wp29zfa5&campaign=104&user_id=1&clickcost=0&lander=614&time=1608491772&browser_version=78&device_model=Desktop&device_brand=Desktop&resolution=800×600&os_name=Linux%20x86_64&os_version=Unknown&country=United%20States&country_code=US&isp=Total%20Server%20Solutions%20L.L.C.&ip=173.0.77.85&user_agent=Mozilla/5.0%20(X11;%20Linux%20x86_64;%20rv:78.0)%20Gecko/20100101%20Firefox/78.0&lpkey=16cd08354916209572&target=amz&device=DESKTOP&country=US&ts=Unknown&uclick=h98wp2bg&uclickhash=h98wp2bg-h98wp29z-2twj-xsbl-j68n-fvqn-fvwh-a3d32d#
mediadkim.com (mediadkim.com. [88.218.190.197])
https://storage.googleapis.com/akesel/akesel.html#/rd/c4041XhzyW10842428NYGG187165QAT1098LoKY146
https://coffeegirlss.com/ele-bill/?9ad8a778799345e143a308033669647f

MCAFEE
Your McAfee™Total Protection Subscription Has Expired⚠️🚨⚠️Your Device is Infected With (𝟎𝟕) Trojan viruses

newsletter.e4mxypthgn@mediadkim.com
o4039qBJBz10842428Iogu187165PGS1098ORAP53.1.JNS9348638198@affpartners.com
newsletter.e4mxypthgn@mediadkim.com
wendzichmartin@gmail.com
o6nh@mediadkim.com-o4039qBJBz10842428Iogu187165PGS1098ORAP53 (c4039oKSyA10842428cmfO187165BNX1098SECl53.mail.126.com. 88.218.190.197)
mediadkim.com (mediadkim.com. [88.218.190.197])
https://storage.googleapis.com/akesel/akesel.html#/rd/c4039EmdEV10842428LjzW187165UWO1098tKSL53
newsletter.u12fnsshmw@wcyrjlszoo.com
https://storage.googleapis.com/akesel/akesel.html#/rd/c4011ramuE1468993WRiY46151SDX811PGaQ356
findout.eu.com
smart102944@gmail.com
vnfe@wcyrjlszoo.com-o4011wqGDR1468993kptl46151YeT811OnMr356 (c4011fcgVM1468993rwuF46151FjB811djYt356.mail.126.com. 208.82.117.158)
wcyrjlszoo.com (wcyrjlszoo.com. [208.82.117.158])

https://oneoftfew.com/us-mcf-3/?32566afac6e0b25cf9a4ec402c99d005

WIFI
Best WiFi Booster on the Market Now 50% OFF
newsletter.0almgiwm3y@qrksjrjppkam.com
yv3j@qrksjrjppkam.com-o4043WQhsD10842428xcig187165ChZ1219AukI21 (c4043QFMAw10842428hfDy187165RyC1219NGnw21.mail.126.com. 195.123.212.46)
qrksjrjppkam.com (qrksjrjppkam.com. [195.123.212.46])
reply to: jeletaturik@rambler.ru
https://storage.googleapis.com/akesel/akesel.html#/rd/c4043jZicV10842428uTaI187165DoO1219OfGx21
https://deals.ultrawifiplus.com/blog/4?affID=304&C1=202084&C2=cbde4dcd1f3ae528e748fc55a0c2ae26&C3=27352&C4=350394&C5=&click_id=0c0f4c3744cc47b49466dce2a3206bf1?affID=304&C1=202084&C2=cbde4dcd1f3ae528e748fc55a0c2ae26&C3=27352&C4=350394&C5=&click_id=0c0f4c3744cc47b49466dce2a3206bf1

UPS
We have been trying to reach you – Please respond!
affpartners
o4040MygEc10842428NMyd187165xDg857iSgX2.5.LPP2153812447@affpartners.com
wendzichmartin@gmail.com
newsletter.31984@ikealcmavhpk.com
ikealcmavhpk.com (ikealcmavhpk.com. [89.33.193.139])
https://storage.googleapis.com/akesel/akesel.html#/rd/c4040dIdxj10842428kMmu187165VFe857Ybzs2
https://surveyandrewards.com/?e5f92c885b58a6386c7bb89a2de7405a

SOMEONE TRIED TO LOG INT0 YOUR ACCOUNT!
newsletter.4xja5k0wb9@cdbxuzzlgfhh.com
o4000vLGKz10842428BGLZ187165gGP1259UsMV228.2.TTC2071431369@affpartners.com
net_dns1@hotmail.com, net_dns100@hotmail.com, mediapub.supp@gmail.com, maillistafind@gmail.com, AnnaL.Logue@hotmail.com, sdloek@163.com, sdloek@yeah.net, ezoidl@126.com, sa0ri.k.1202@gmail.com, ish000464@gmail.com, fasfafgg@gmail.com, cmayeda61@gmail.com, sierrans016@gmail.com, dujjjjjjjj@gmail.com, wearesonsofredemption@gmail.com, fstianheng@gmail.com, marymcdaniel947@gmail.com, mdutra1909@gmail.com, alexerkuko8@gmail.com, michel.ducoeur@gmail.com, allrandomcat1999@gmail.com, karay214@gmail.com, eefjediep@gmail.com, transfert.franck@gmail.com, mandagode21@gmail.com, regenaemberley170@gmail.com, vallielobregat02@gmail.com
nhhz@cdbxuzzlgfhh.com-o4000vLGKz10842428BGLZ187165gGP1259UsMV228 (c4000NSVrx10842428PcDj187165JHv1259upPm228.mail.126.com. 139.59.125.178)
cdbxuzzlgfhh.com (cdbxuzzlgfhh.com. [139.59.125.178])

Stop Overpaying for Electricity! – Heres How’
newsletter.f32oe4gzcc@mediadkim.com
jeletaturik@rambler.ru
3jga@mediadkim.com-o4041HnwSs10842428IYQE187165ayF1098Quso146 (c4041EHfYq10842428beyq187165qBg1098oeWg146.mail.126.com. 88.218.190.197)
mediadkim.com (mediadkim.com. [88.218.190.197])
https://storage.googleapis.com/akesel/akesel.html#/rd/c4041XhzyW10842428NYGG187165QAT1098LoKY146

You have been selected
newsletter.81734@reading-cursors.com
affpartners.com
wendzichmartin@gmail.com
0snc@reading-cursors.com-o4026lWPMX10842428pGFK187165Plr873jGQt312 (c4026EbxWd10842428MaGA187165QwY873xQng312.mail.126.com. 176.114.8.23)
reading-cursors.com (reading-cursors.com. [176.114.8.23])
https://storage.googleapis.com/akesel/akesel.html#/rd/c4026cWeZy10842428RkHT187165knl873tvuO312

CapitalOne
Your personalized reward is here
newsletter.xi58fasptm@mediadkim.com
https://storage.googleapis.com/akesel/akesel.html#/rd/c4023DFZFC10842428bUCO187165kzD1098eRaR392
affpartners.com
jeletaturik@rambler.ru
e0r5@mediadkim.com-o4023hWFFJ10842428Zmnj187165Qqy1098LYJD392 (c4023olUfb10842428GSxG187165SUF1098rPek392.mail.126.com. 88.218.190.197)
mediadkim.com (mediadkim.com. [88.218.190.197])

STATE FARM
Congrats! Here’s your State Farm Reward for
newsletter.51760@mediadkim.com
https://storage.googleapis.com/akesel/akesel.html#/rd/c4021Tbokq10842428sVbt187165yMD1098iQmD394
affpartners.com
smart102944@gmail.com
odk5@mediadkim.com-o4021bojMW10842428BYQa187165EUO1098xtIU394 (c4021LplYt10842428PufG187165oFh1098eryN394.mail.126.com. 88.218.190.197)
mediadkim.com (mediadkim.com. [88.218.190.197])
https://storage.googleapis.com/akesel/akesel.html#/rd/c4026cWeZy10842428RkHT187165knl873tvuO312

PAYMENT CODE
— check_your_account▶️▶️PAYOUT_VERIFICATION
newsletter.s1ueqc9mnp@nedmppiilnld.com
https://storage.googleapis.com/akesel/akesel.html#/rd/c4013pNLAk10842428YZJf187165PAx773QZIZ403
affpartners.com
jeletaturik@rambler.ru
ysov@nedmppiilnld.com-o4013fbWrZ10842428UJCL187165MTj773YKnO403 (c4013SmjlW10842428RsRG187165QZk773dSRT403.mail.126.com. 208.71.171.201)
nedmppiilnld.com (nedmppiilnld.com. [208.71.171.201])
https://www.ragingbullslotscampaign.com/landing/starter350/?affid=8939,t=RBCU6b5a436aa4602e285a4ed279a825b6a0,ycid=27,yaid=4395,ybid=715020

LOG INTO YOUR ACCOUNT 2
newsletter.qerl5a7mh0@a2ecommerce.com
affpartners.com
net_dns1@hotmail.com, net_dns100@hotmail.com, mediapub.supp@gmail.com, maillistafind@gmail.com, AnnaL.Logue@hotmail.com, sdloek@163.com, sdloek@yeah.net, ezoidl@126.com, sa0ri.k.1202@gmail.com, ish000464@gmail.com, fasfafgg@gmail.com, cmayeda61@gmail.com, sierrans016@gmail.com, dujjjjjjjj@gmail.com, wearesonsofredemption@gmail.com, fstianheng@gmail.com, marymcdaniel947@gmail.com, mdutra1909@gmail.com, alexerkuko8@gmail.com, michel.ducoeur@gmail.com, allrandomcat1999@gmail.com, karay214@gmail.com, eefjediep@gmail.com, transfert.franck@gmail.com, mandagode21@gmail.com, regenaemberley170@gmail.com, vallielobregat02@gmail.com
a2ecommerce.com (a2ecommerce.com. [45.148.9.197])