Authentication-Results: spf=pass (sender IP is 23.239.17.169) smtp.mailfrom=phplist.com; x; dkim=pass (signature was verified) header.d=phplist.com;x; dmarc=permerror action=none header.from=cparity-event.com;compauth=fail reason=001 Received-SPF: Pass (protection.outlook.com: domain of phplist.com designates 23.239.17.169 as permitted sender) receiver=protection.outlook.com; client-ip=23.239.17.169; helo=smtpnode07.phplist.com; Received: from smtpnode07.phplist.com (23.239.17.169) by MW2NAM10FT045.mail.protection.outlook.com (10.13.155.45) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4415.16 via Frontend Transport; Mon, 16 Aug 2021 ##:##:## +0000… Read more: B2B conference spammer
Author: blog
phishing server
e2-citizensbank.com has address 172.105.159.106 oam-wellsfargo.com has address 172.105.159.106 e3-usps.com has address 172.105.159.106
Distributed Spam-for-Hire Network!
The following IP addresses are spamming for a variety of dodgy customers who send to lists with no pretension of opt-in or permission. They were using a scattered group of IP addresses at First Root about a month ago, but appear to have moved onto Linode and OVH. NOT ACCEPTABLE! SENDING IPs: 45.79.170.233 zrw52.top (Linode)… Read more: Distributed Spam-for-Hire Network!
Cybercrime carder DNS server hosting (escalation)
Do not seem able to keep cybercrime gang from hosting in this range: History: SBL523735 212.109.194.37 ispserver.com 2021-06-02 Credit card fraud gang hosting (DNS): idinaxui-netspama.ru (vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.) SBL523684 212.109.194.136 ispserver.com 2021-06-01 FastFlux hosting provider — who use hacked servers to host malware, phish, etc. SBL523633 212.109.194.87 ispserver.com 2021-06-01 FastFlux hosting provider… Read more: Cybercrime carder DNS server hosting (escalation)
Spammer DNS hosting (cybercrime forums)
82.146.52.161 is currently in use as a nameserver for spamvertized domains. This enables the resolving of spammed domains to the actual websites. This SBL record can only be removed if 82.146.52.161 stops answering DNS queries for spamvertized domain names. 1 Nameservers seen on 82.146.52.161: NS2.DOMEN-DOMIK.RU — 1shnurok.ru — 1sns.ru — 2rich4bitches.ru — 2rich4bitches.su — 2tracks24.net… Read more: Spammer DNS hosting (cybercrime forums)
RedLineStealer botnet controller @80.87.192.137
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 80.87.192.137 on port 27018 TCP: $ telnet 80.87.192.137 27018 Trying 80.87.192.137… Connected to 80.87.192.137. Escape character… Read more: RedLineStealer botnet controller @80.87.192.137
spam emitter @163.172.89.134
Received: from mail.kharota.com (163.172.89.134) by DB8EUR05FT017.mail.protection.outlook.com (10.233.239.55) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.13 via Frontend Transport; Tue, 28 Sep 2021 06:2x:xx +0000 Received: from [46.32.239.96] (vps38622686.123-vps.co.uk [46.32.239.96]) by mail.kharota.com (Postfix) with ESMTPA id []; Tue, 28 Sep 2021 06:0x:xx +0100 (BST) Subject: I NEED YOUR ASSISTANCE !!!! From: «Mr. Kim Leang » <imran@kharota.com>… Read more: spam emitter @163.172.89.134
ArkeiStealer botnet controller @23.88.111.187
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. ArkeiStealer botnet controller located at 23.88.111.187 on port 80 (using HTTP POST): hXXp://23.88.111.187/ $ nslookup 23.88.111.187 static.187.111.88.23.clients.your-server.de Referencing malware binaries (MD5 hash): 1be0d2741eaac6804e24a7586b1086b0 — AV detection: 50… Read more: ArkeiStealer botnet controller @23.88.111.187
ArkeiStealer botnet controller @23.88.108.1
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. ArkeiStealer botnet controller located at 23.88.108.1 on port 80 (using HTTP POST): hXXp://23.88.108.1/ $ nslookup 23.88.108.1 static.1.108.88.23.clients.your-server.de Referencing malware binaries (MD5 hash): 22def90fe7900f44847974e6a6da2e85 — AV detection: 25… Read more: ArkeiStealer botnet controller @23.88.108.1
List Seller (apollo.io)
Cloudflare hosts the list sales website www.apollo.io. Spamhaus considers sales of lists that contain email addresses to be spam support, since there is no legitimate use for this data. WEB SITE (http://www.apollo.io) Data-driven revenue growth Prospect from 200M business contacts and 10M companies, find verified emails and direct dials, and give your existing sales tools… Read more: List Seller (apollo.io)