Lulz-Tigre
phishing fail
Feb 27th, 2019
phishing address - courrier-mettre-a-jour@jour.com
mail ip address - 91.233.253.11
server ip address - 192.185.180.40
Email Service Provider - ASPSERVER

SMTP session
[Resolving mail.jour.com...]
[Contacting mail.jour.com [91.223.253.11]...]
[Connected]
220 ns14.dynamixhost.com ESMTP
EHLO mx1.validemail.com
250-ns14.dynamixhost.com
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-AUTH LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250-PIPELINING
250 8BITMIME
MAIL FROM:<>
250 ok
RCPT TO:<courrier-mettre-a-jour@jour.com>
550 sorry, no mailbox here by that name. (#5.7.17)
[Address has been rejected]
RSET
250 flushed
QUIT
221 ns14.dynamixhost.com
[Connection closed]

Virus Total Hash - dad77b4e03da0b316a68760e47d7fa73d38b6aee78c004fbf5cb41b5a5d83ebf
https://tinyurl.com/y6c92vt8
        http://insightengineering.com.pk/csl/vv/out
        http://insightengineering.com.pk/csl/vv/out/
        http://insightengineering.com.pk/csl/vv/out/login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=49&id=4179177173

effective url - http://insightengineering.com.pk/csl/vv/out/login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=49&id=4179177173

eu ip - 192.185.180.40

eu ip is located in Houston, Texas
UNIFIEDLAYER-AS-1 - Unified Layer, US. The main domain is insightengineering.com.pk.

1 1   2606:4700:10::6814:da2a   13335 (CLOUDFLARENET - Cloudflare)
2 8   192.185.180.40            46606 (UNIFIEDLAYER-AS-1 - Unified Layer)
2     185.70.40.151             19905 (NEUSTAR-AS6 - NeuStar)

redirections

similar sites
soislifesciences.com/contact-proton/vv/
adrninistrator.site/ikman/vv
protonmail.com.username.password.method.post.secure.login.mailcommunicationservice.com
http://myaccountupgrades.com/wp/vvv/3d6484f91bee5c51243d7439144892dc/login.php?websrc=23423

domains hosted on ip - 53

mail servers
Found 44 mail servers using IP address 192.185.180.40.

ip location info - https://www.google.com/maps/place/29%C2%B049'48.0%22N+95%C2%B028'12.0%22W/@29.83,-95.4721887,17z/data=!3m1!4b1!4m5!3m4!1s0x0:0x0!8m2!3d29.83!4d-95.47

address -
4141 Costa Rica Rd
Houston, Texas
4134-4148 Costa Rica Rd, Houston, TX 77092, USA
user associated with address - Nathan R Arriens
Age 30s

nmap scan

PORT     STATE    SERVICE  VERSION
21/tcp   open     ftp      Pure-FTPd
22/tcp   filtered ssh
25/tcp   open     smtp?
26/tcp   open     smtp     Exim smtpd 4.91
53/tcp   open     domain   ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
80/tcp   open     http     nginx 1.14.1
110/tcp  open     pop3     Dovecot pop3d
143/tcp  open     imap     Dovecot imapd
443/tcp  open     ssl/http nginx 1.14.1
465/tcp  open     ssl/smtp Exim smtpd 4.91
587/tcp  open     smtp     Exim smtpd 4.91
993/tcp  open     ssl/imap Dovecot imapd
995/tcp  open     ssl/pop3 Dovecot pop3d
2222/tcp open     ssh      OpenSSH 5.3 (protocol 2.0)
3306/tcp open     mysql    MySQL 5.6.41-84.1
8080/tcp open     http     nginx 1.14.1
8443/tcp open     ssl/http nginx 1.14.1