I need to find a WordPress plugin that automatically adds a logo or my site's name as a watermark …
Example 1 (http://texansonlineofficialshop.com):
Example 2 (http://eka.letsfixerimages.club):
Activity for this ransom demand: https://bitcoinwhoswho.com/address/1GrwstsEVPrit3rxAg2WPTSSyRoQqJVXCD.
In the email source:
Return-Path: tanyq@ytport.com
...
Received: from ssqr.ytport.com (unknown [218.17.228.164])
...
X-CSA-Complaints: complaints@ytport.com
X-Complaints-To: abuse@mailer.ytport.com
Organization: Owrmbmgfgbnji
...
Date: Mon, 6 May 2019 13:36:42 +0200
...
X-MAIL:ssqr.ytport.com x46BWFco075468
...
Content-Type: image/jpeg; name="1557149801883.jpg"
Content-Transfer-Encoding: base64
Content-Disposition: inline; filename="1557149801883.jpg"
Content-ID: att_img_880970
Misery.
Bitcoin: 1Gp6LXRPjQbqzKSvsTHv2RAiWzNkgXmoqo
Return-Path: <calama@workmed.cl>
...
Received: from servidor.workmed.cl (servidor.workmed.cl [200.73.113.209])
...
Date: Mon, 22 Apr 2019 18:17:37 +0200
...
Abuse-Reports-To: <abuse@mail.workmed.cl>
X-Abuse-Reports-To: abuse@mail.workmed.cl
Bitcoin: 1Bo6BKUekTefV4kKPz2nhqsWCELuR6Ep1N
Return-Path: <luomingxiu@jygdy.com>
...
Received: from mail.jygdy.com (unknown [111.11.180.157])
Bitcoin: 15LZuFSVyDAoaNLtbh4ru7ZQWvZxEosCaf
X-SPAMOUT-IP: 203.239.130.5 (TRUST)
X-Original-SENDERIP: 203.239.130.5
X-SPAMOUT-COUNTRY: KR
X-SPAMOUT-FROM: <jt.joo@elim.net>
In the email source:
Return-Path: <luomingxiu@jygdy.com>
...
X-Spam-Flag: YES
X-Spam-Level: ***************
X-Spam-Status: Yes, score=15.9 required=5.0 tests=COUNTRY2,
HEADER_FROM_DIFFERENT_DOMAINS,HTML_IMAGE_ONLY_04,HTML_MESSAGE,
LOCALPART_IN_SUBJECT,MIME_HTML_MOSTLY,MPART_ALT_DIFF,
RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PBL,RCVD_IN_RP_RNBL,RCVD_IN_SBL_CSS,
RCVD_IN_SORBS_WEB,TO_NAME_SUBJ_NO_RDNS,TO_NO_BRKTS_HTML_IMG,
TVD_SPACE_RATIO autolearn=no autolearn_force=no version=3.4.2
X-Spam-Relay-Country: CN AL
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on spamd16.phpnet.org
X-Spam-Report:
* 3.6 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
* [111.11.180.157 listed in zen.spamhaus.org]
* 3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
* [84.20.83.21 listed in zen.spamhaus.org]
* 1.0 COUNTRY2 No description available.
* 0.7 LOCALPART_IN_SUBJECT Local part of To: address appears in
* Subject
* 1.5 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server
* [84.20.83.21 listed in dnsbl.sorbs.net]
* 1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
* bl.spamcop.net
* [Blocked - see <https://www.spamcop.net/bl.shtml?84.20.83.21>]
* 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
* https://senderscore.org/blacklistlookup/
* [111.11.180.157 listed in bl.score.senderscore.com]
* 0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
* mail domains are different
* 0.3 HTML_IMAGE_ONLY_04 BODY: HTML: images with 0-400 bytes of words
* 0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
* 0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 0.0 TVD_SPACE_RATIO No description available.
* 0.0 TO_NAME_SUBJ_NO_RDNS Recipient username in subject + no rDNS
* 2.0 TO_NO_BRKTS_HTML_IMG To: lacks brackets and HTML and one image
Received: from mail.jygdy.com (unknown [111.11.180.157])
...
Received: from [21.83.20.84.in-addr.arpa] ([84.20.83.21])
(envelope-sender <luomingxiu@jygdy.com>)
...
X-WM-AuthFlag: YES
X-WM-AuthUser: luomingxiu@jygdy.com
...
X-Mailer: Sun Java(tm) System Messenger Express 6.1 HotFix 0.11 (builtJan 28
X-Complaints-To: abuse@mailer.jygdy.com
Abuse-Reports-To: <abuse@mailer.jygdy.com>
...
X-Sender: luomingxiu@jygdy.com
And it shows up in Bitcoin Abuse: https://www.bitcoinabuse.com/reports/1Bo6BKUekTefV4kKPz2nhqsWCELuR6Ep1N.
The server is in China …