Domains from this IP blocked or taken down - ongoing PHISH...

See: http://urlquery.net/report.php?id=1493241267397
Notorious A.S. with 416 blacklisted URLs: http://sitevet.com/db/asn/AS35017
IP we mean: http://toolbar.netcraft.com/site_report?url=91.239.64.147
_http-server-header: nginx/1.12.0 application/octet-stream, text/plain

And the sad thing is, there is no end to this,

polonus

Digging on brought me what I was after: known JavaScript malcode.
eve7tds dot com as such won’t resolve, but the following link-uri does:
-http://eve7tds.com/static/lib/backDay.js

backDay.js is where the malicious indicators are: https://www.hybrid-analysis.com/sample/346c222adda3942e276a6f4c19e64bd17a7b2e8d9f542bbb35bda90bc9e7ff93?environmentId=1

Bingo, and the reason why it should come blocked. Threatscore 21/100.

polonus (volunteer website security analyst and website error-hunter)

Now they have packed up and changed their PHISHING circus here: http://urlquery.net/report.php?id=1493326147993
Outlay of the website looks familiar. Same scheme, new domain, and the 303 see other → http://urlquery.net/report.php?id=1493326147993 http://toolbar.netcraft.com/site_report?url=185.145.131.239 (seems already down now also).

Interesting discussion on such health spam at Google discussions: https://groups.google.com/forum/#!topic/news.admin.net-abuse.email/JzquX9ufnns All target sites come obfuscated in the spams… most boil down to Forskolin scam, while some are not.

The scam campaign is not only detrimental to the health of your device, but also to your health as such: https://www.contrahealthscam.com/natural-pure-forskolin-scam-unbiased-review/

Damian