https://bulletproof-hosting.com >>> https://bulletproof.su/? >>> https://t.me/ffservice? ns1.nospamdns.ru. 7162 IN A 82.146.48.239 ns2.nospamdns.ru. 7159 IN A 82.146.52.162 ________________ ns1.nospamdns.ru. 7162 IN A 193.47.33.229 ns2.nospamdns.ru. 7159 IN A 80.76.42.10 ________________ ns1.nospamdns.ru. 7162 IN A 193.47.33.229 ns2.nospamdns.ru. 7159 IN A 5.188.89.52 ________________ ns1.nospamdns.ru. 7162 IN A 91.224.22.113 ns2.nospamdns.ru. 7159 IN A 91.224.22.104 ________________ ns1.nospamdns.ru. 7162 IN A 91.224.22.65 ns2.nospamdns.ru.… Читать далее FastFlux hosting provider — who use hacked servers to host malware, phish, etc. (DNS server)
Автор: blog
spam emitter @23.251.226.7
Received: from e226-7.smtp-out.us-east-2.amazonses.com (23.251.226.7) From: Patrik Eriksson <eriksson@marketnewz.xyz> Subject: [] — Mer om vårt nästa veckas möte Date: Fri, 1 Oct 2021 08:3x:xx +0000
Malware botnet controller @45.79.239.23
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 45.79.239.23 on port 80 (using HTTP GET): hXXp://45.79.239.23/version.php $ nslookup 45.79.239.23 li2164-23.members.linode.com Referencing malware binaries (MD5 hash): deaad3ea1c708cd99e41c4043169aa4d — AV detection: 20… Читать далее Malware botnet controller @45.79.239.23
affiliate spam @whitehattracking.com
Received: from cem167.merrell.pl (40.86.172.14) From: American Home Warranty<[]> Subject: Never Pay For Covered Home Repairs Again. First Month FREE. Limited Time Date: Thu, 30 Sep 2021 15:4x:xx +0000 http://23.11.133.34.bc.googleusercontent.com/t?encv=2&v=[] 34.133.11.23 https://brandingvalor.com/0/2/7201/[] 193.124.15.228 ttp://go.whitehattracking.com/aff_c?offer_id=830&aff_id=1852&aff_sub=350020&aff_sub2=[] 18.209.255.248 https://www.americanhomewarranty.net/index.php?offer_id=830&aff_id=1852&sub1=350020&sub2=[]&sub3=&transaction_id=[] 172.81.118.28
spam emitters
Received: from s8.alinjgom.ru (185.149.243.59 [185.149.243.59]) Date: Fri, 1 Oct 2021 04:0x:xx +0000 From: Aleksandr <info@s8.alinjgom.ru> Subject: Предложение Spam emissions seen from: 185.149.243.58 185.149.243.59 185.149.243.60 185.149.243.61 185.149.243.62
Spam support service
We currently consider Beget LLC as «spam support service» according to Spamhaus SBL policy. Beget LLC is providing bulletproof domain registration services to botnet operators and rejects abuse reports send by Spamhaus and 3rd parties: ================================== <support@beget.com>: host mx1.beget.com[5.101.158.68] said: 550-Message discarded as high-probability spam. Contact support@beget.ru ( 550 1mTIPl-0005Sw-6a ) (in reply to end… Читать далее Spam support service
Loki botnet controller @172.67.219.120
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 172.67.219.120 on port 80 (using HTTP POST): hXXp://ir8.xyz/LC/w2/fre.php $ dig +short ir8.xyz 172.67.219.120
phishing server
mypaypal-accountreview.com has address 52.143.160.216 mypaypal-account.com has address 52.143.160.216 also actively spamming.
phishing server
$ host irs.gov.irs-thirdpayment.com irs.gov.irs-thirdpayment.com has address 35.199.183.151 hXXps://irs.gov.irs-thirdpayment.com/?irsgov
phishing server
jpsecurepolicies-onlineapprove01.com has address 135.181.223.75 jpsecurepolicies-onlineapprove02.com has address 135.181.223.75 jpsecurepolicies-onlineapprove03.com has address 135.181.223.75 jpsecurepolicies-onlineapprove04.com has address 135.181.223.75 jpsecurepolicies-onlineapprove05.com has address 135.181.223.75 jpsecurepolicies-onlineapprove07.com has address 135.181.223.75 jpsecurepolicies-onlineapprove08.com has address 135.181.223.75 jpsecurepolicies-onlineapprove09.com has address 135.181.223.75 jpsecurepolicies-onlineapprove10.com has address 135.181.223.75