Hacked WordPress Sites Used for Dating Spam - 2018-06-12




Adult content / dating spam. The main purpose of this note is to help identify the hacked WordPress/CMS sites that are being abused by miscreants.

Timestamps (Between):
2018-06-12T19:13:06
2018-06-12T21:39:47

Subject lines:
Meet Naughty Girls in Your Area. Sign Up Now, it’s 100% Free!

Sender IP and GEO:

X-Mailer headers:
Microsoft Windows Live Mail 15.4.3508.1109
Xudvitu kcrhvh 9.8
Microsoft Outlook Express 6.00.2600.1381
Microsoft Outlook 15.0
Ecpibbjx wipviyi 4.1
Microsoft Windows Live Mail 16.4.3505.912
Microsoft Outlook 14.0
Xljpndga eclkafe 3.8
Microsoft Outlook Express 6.00.2600.0028
Ehiknta cbouq 5.5
Microsoft Outlook Express 6.00.2900.5931
Pbhngic vdsgjv
Microsoft Office Outlook 12.0
Bcalgci ncdfpbk
Microsoft Outlook Express 6.00.2800.2202
Microsoft Outlook Express 6.00.2600.2908
Microsoft Outlook Express 6.00.2800.1106
Opkeck lenwm
Vftwkuq sfcbtnn 0.0
Microsoft Outlook Express 6.00.2600.3376
Njfmncbn wmqmpb 0.9
Microsoft Outlook Express 6.00.2900.0754
Microsoft Outlook Express 6.00.2600.2719
Kjbihf feghjk
Microsoft Office Outlook 11
Mtwwni xglfdyg
Lgbsdkvd udhbxa
Jcktpev kaqjm

HELO:

Forwarder URLs:

Host Details: