Received: from mail.extensionss.co (mail.extensionss.co [192.3.12.106]) Date: Thu, 26 Aug 2021 13:0x:xx +0000 Subject: Happy box heeft jou geselecteerd als mogelijke winnaar van een Praxis cadeaupas t.w.v. €500! From: PRAXIS 610 <mail@extensionss.co> https://shirt.nominies.biz/index.php/campaigns/[] 104.21.10.92 https://horsefit.co/biz64 104.21.35.243 http://www.trygver.com/6KSXZNZ/45TJ3T/ 176.98.40.160 https://www.smoothtrk1.com/6KSXZNZ/98T51MD/?__rpt=0&__po=64&__ptid=[]&__rpa=0&__rc=1&sub1=&sub2=&sub3=&sub4=&sub5=&source_id=&__pcd=9 176.98.40.160
Рубрика: cloudflare.com
Phish spam site @104.21.72.188
Received: from [167.99.183.60] (helo=mta0.tcscales.com) From: [] Notice <achan@lamina.pl> Date: 25 Aug 2021 01:3x:xx +0200 Subject: Warning️警告:收到的邮件被阻止 https://lobeyto.com/sm/?x=x&a=user@victim.com lobeyto.com. 300 IN A 104.21.72.188 lobeyto.com. 300 IN A 172.67.154.93
Spamvertised website
Received: from mail.extensionss.co (mail.extensionss.co [192.3.12.106]) Date: Thu, 26 Aug 2021 13:0x:xx +0000 Subject: Happy box heeft jou geselecteerd als mogelijke winnaar van een Praxis cadeaupas t.w.v. €500! From: PRAXIS 610 <mail@extensionss.co> https://shirt.nominies.biz/index.php/campaigns/[] 104.21.10.92 https://horsefit.co/biz64 104.21.35.243 http://www.trygver.com/6KSXZNZ/45TJ3T/ 176.98.40.160 https://www.smoothtrk1.com/6KSXZNZ/98T51MD/?__rpt=0&__po=64&__ptid=[]&__rpa=0&__rc=1&sub1=&sub2=&sub3=&sub4=&sub5=&source_id=&__pcd=9 176.98.40.160
Carding fraud site/forum: fe18.su (fe-acc18.su / unicvvs.su) etc.
Stolen credit card data websites: feacc-18.ru. 300 IN A 172.67.70.94 feacc-18.ru. 300 IN A 104.26.7.242 feacc-18.ru. 300 IN A 104.26.6.242 ___________________________ was: fe-acc18.su. 299 IN A 54.67.121.198 fe18.su. 299 IN A 186.2.161.157 186.2.161.157 param.feacc-18.ru 2021-05-07 06:20:02 186.2.161.157 metrology.feacc-18.ru 2021-05-07 05:39:10 186.2.161.157 keep-alive.feacc-18.ru 2021-05-07 04:52:11 186.2.161.157 axis.feacc-18.ru 2021-05-07 01:37:22 186.2.161.157 feacc-18.ru 2021-05-06 23:00:43 186.2.161.157 fe18.su 2021-05-06… Читать далее Carding fraud site/forum: fe18.su (fe-acc18.su / unicvvs.su) etc.
Spammer hosting @172.67.153.171
Spammer hosting located here: $ dig +short www.hostingseekers.com 172.67.153.171 104.21.64.170 Received: from a8-74.smtp-out.amazonses.com (a8-74.smtp-out.amazonses.com [54.240.8.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client did not present a certificate) by X (Postfix) with ESMTPS id X for <X>; Thu, 9 Sep 2021 X DKIM-Signature: X DKIM-Signature: X Message-ID: <X@email.amazonses.com> Date: Thu, 9 Sep 2021 X Subject:… Читать далее Spammer hosting @172.67.153.171
Spamvertised website
Received: from mail-pg1-x533.google.com ([2607:f8b0:4864:20::533]) From: thaiduong628@gmail.com Date: Sun, 29 Aug 2021 00:01:16 +0200 Subject:Funny T-Shirts For Engineer And Jobs Title T-Shirts https://engineerstore3.blogspot.com/2021/08/h2.html https://scienceflower.com/campaign/heavy-metals-chemistry-science-t-shirts engineerstore3.blogspot.com. 3600 IN CNAME blogspot.l.googleusercontent.com. blogspot.l.googleusercontent.com. 300 IN A 142.251.32.1 scienceflower.com. 300 IN A 104.21.51.216 scienceflower.com. 300 IN A 172.67.186.95
Pharmacy website
Received: from vodamail.co.za (196.11.146.229) by BN8NAM12FT017.mail.protection.outlook.com (10.13.182.170) with Microsoft SMTP Server id 15.20.4523.8 via Frontend Transport; Sun, 12 Sep 2021 16:1x:xx +0000 Received: from vodamail.co.za (unknown [104.194.247.154]) (Authenticated sender: 27728376899) by mdrrx900svcs01vmlsmtp01.vodamail.internal (Postfix) with ESMTPA id [] for []; Sun, 12 Sep 2021 18:1x:xx +0200 (SAST) Date: Mon, 13 Sep 2021 0:1x:xx +0800 From: Generic… Читать далее Pharmacy website
Carding fraud site/forum: (DNS) easydeals.sb / easydeals.gs / easydeals.ec
Stolen credit-card data site: https://luxchecker.pm/bk2.gif >>> https://href.li/?https://easydeals.sb >>> https://easydeals.sb Tracing to easydeals.gd[a] via A.ROOT-SERVERS.NET, maximum of 3 retries A.ROOT-SERVERS.NET [.] (198.41.0.4) |\___ a.nic.gd [gd] (2001:067c:13cc:0000:0000:0000:0001:0088) Not queried |\___ a.nic.gd [gd] (194.169.218.88) | |\___ stephane.ns.cloudflare.com [easydeals.gd] (108.162.194.112) Got authoritative answer | |\___ stephane.ns.cloudflare.com [easydeals.gd] (162.159.38.112) Got authoritative answer | |\___ stephane.ns.cloudflare.com [easydeals.gd] (172.64.34.112) Got authoritative answer
«usersupport.net» phishing sites hosted on Cloudflare
104.21.43.37 att.usersupport.net 104.21.43.37 comcast.usersupport.net 104.21.43.37 redirect.usersupport.net 104.21.43.37 tmobile.usersupport.net 104.21.43.37 usps.usersupport.net 104.21.43.37 verizon.usersupport.net 104.21.43.37 walmart.usersupport.net 104.21.43.37 www.usersupport.net 172.67.218.2 google.usersupport.net 172.67.218.2 spectrum.usersupport.net 172.67.218.2 tracking.usersupport.net
«usersupport.net» phishing sites hosted on Cloudflare
104.21.43.37 att.usersupport.net 104.21.43.37 comcast.usersupport.net 104.21.43.37 redirect.usersupport.net 104.21.43.37 tmobile.usersupport.net 104.21.43.37 usps.usersupport.net 104.21.43.37 verizon.usersupport.net 104.21.43.37 walmart.usersupport.net 104.21.43.37 www.usersupport.net 172.67.218.2 google.usersupport.net 172.67.218.2 spectrum.usersupport.net 172.67.218.2 tracking.usersupport.net