TestoUltra wird Ihr Sexleben revolutionieren!
upload


header:
01: Return-Path: <lemonde [at] PfmCh88.businessbiz.pw>
02: Received: from bcv.businessbiz.pw ([107.178.111.20]) by mx-ha.gmx.net (mxgmx116
03: [212.227.17.5]) with ESMTP (Nemesis) ID: [ID filtered]
04: Received: from 127.0.0.1 (EHLO mx-amrcnbankr-a.sailthru.com) (192.64.237.33) by
05: mta4475.mail.ne1.yahoo.com with SMTP; Fri, 08 Mar 2019 xx:xx:xx +0000
06: DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; s=pt; d=pmta.sailthru.com;
07: h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type:List-Unsubscribe;
08: bh=LS3L0gufy6n8zmYRrdYP1J5JY78=;
09: b=RRvRLIXkOLxis4nb/snWkp4xEhx8AtI2Inr2mj18kqpnR3qex4yr7ixIoxpQ2/FKUDSJmgf2BLvo
10: kdM1ncgOvaDb2Ciu7XWaSs6PMJD/LS9wBWrrsfsS3+QZBUJuXCHIV8RCzsE2v7/4BVmjqXGg05+l
11: YMl3lYBznRY3chrnEKw=
12: Received: from njmta-20.sailthru.com (173.228.155.20) by mx-amrcnbankr-a.sailthru.com
13: ID: [ID filtered]
14: Received: from nj1-wrylilac.flt (172.18.20.8) by njmta-20.sailthru.com ID: [ID filtered]
15: DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; t=1552057551;
16: s=sailthru; d=email.paymentssource.com;
17: h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type:List-Unsubscribe;
18: bh=K7OW/9j422DF2xbUzOLxzcjKI7S080Rya0ev2R1Kv6E=;
19: b=vTkOUcdT79VB4g2Tp+rM5lT9VSb0htt6mTBHmFikpjanXQi/6CH2Q9lpDeE8zfb3
20: +AnB/Oehomoml+oLsTskPX+iCWgvyJPjeiQ68e+uAdfsjxAVENSeDRw9+cZFEwUlBbb
21: 5g6TDpX7u0SC0amoW22WD9KLMJmZywRWwtfFDCg4=
22: Date: Sat, 9 Mar 2019 xx:xx:xx -0500 (EST)
23: From: -=?UTF-8?B?VGVzdG9VbHRyYQ==?=- <paymentssource [at] email.businessbiz.pw>
24: To: *snip*
25: Message-ID: [ID filtered]
26: Subject: =?UTF-8?B?VGVzdG9VbHRyYSB3aXJkIElociBTZXhsZWJlbiByZXZvbHV0aW9uaWVyZW4h?=
27: MIME-Version: 1.0
28: Content-Type: multipart/alternative;
29: boundary="----=_Part_21742513_1753342937.1552057551727"
30: Precedence: bulk
31: X-TM-ID: [ID filtered]
32: X-Info: Message sent by sailthru.com customer PaymentsSource
33: X-Info: We do not permit unsolicited commercial email
34: X-Info: Please report abuse by forwarding complete headers to
35: X-Info: abuse [at] sailthru.com
36: X-Mailer: sailthru.com
37: X-Unsubscribe-Web: https://link.email.paymentssource.com/oc/*snip*
38: List-Unsubscribe: <https://link.email.paymentssource.com/oc/*snip*>, <mailto:
39: *snip*@mx.sailthru.com>
40: X-rpcampaign: stgrh16223494
41: Content-Length: 33175
42: Envelope-To: <*snip*>
43: X-GMX-Antispam: 0 (Mail was not recognized as spam); Detail=V3;
44: X-Spam-Flag: NO

Die Weiterleitung geht über whois:testoultra.blob.core.windows.net zur eigentlichen Werbeseite. Aber wie geht denn das? Wie bekommt Spammy seine Weiterleitung über Windows hin?

whois:https://testoultra.blob.core.windows.net/host/molaks1.html