Misconfigured and spamming from 2021-11-03 through at least 2021-11-09 03:00 UTC. So far all samples contain: srcip: 23.96.250.152 bodyfrom: Mrs.Joy Elizabeth <info@sound.com> Subject: [EXTERNAL]Compensation Award Office. Reply-To: <kelvinwilliams051@aliyun.com>
Author: blog
my-cpe.com (MyCPE) (repeat spam)
The domain my-cpe.com (MyCPE) is sending spam to Spamhaus spamtraps. This domain has been listed in the Spamhaus DBL previously, and spam cleared up for a few weeks, but it’s back. The spam we see from my-cpe.com is generally sent through a third party, presumably hired by MyCPE. Today’s spams were sent through Benchmark Email,…
Hacked Website: trentlifestyle.com
A website at this IP address is currently being (ab)used by cybercriminals to phish DHL customer credentials. Host: 95.217.224.228 URL: hxxps[://]trentlifestyle[.]com/dhl/page/manage/ This issue was most probably caused by a compromised website. Cybercriminals may have gained access to the mentioned website by exploiting a well-known vulnerability in a Content Management System (CMS) or by using…
«Piush Verma» / GFORD Institute of Management
The following IP addresses are sending spam for the GFORD Institute of Management, advertising business training webinars. This sending is an aggressive new spam operation that sends through distributed bulk email networks with little or no effective abuse enforcement. Currently GFORD is sending through VPS servers at Digital Ocean, using rDNS and HELO at the…
phishing server
https://www.acen-japan.buzz/
$ host www.acen-japan.buzz
www.acen-japan.buzz has address 159.223.132.129
spam support (domains)
Domain used in ID theft operation. rockblue.art 172.67.133.96, 104.21.5.117
Malware / Botnet / Phishing hosting server @45.8.127.131
According to our telemetry and our own intelligence, the host at this IP address has been set up by cyber criminals for the exclusive purpose of hosting phishing sites, malware distribution sites and/or botnet controllers. We therefore advise our users to block any traffic from/to this IP address. Malware botnet controller located at 45.8.127.131 on port…