Abused / misconfigured newsletter service (listbombing)

The host at this IP address is being (ab)used to "listbomb" email addresses:

From: aidsmap bulletins <bulletins@bulletins.aidsmap.com>
Subject: aidsmap news: CoronaVac shows weaker response in people with HIV, 19 April 2022

Problem description
============================
Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being "listbombed"…

spam emitter @143.198.181.245

Received: from mail.callslove.me ([143.198.181.245])
From: "Account Manager" <contact@callslove.me>
Subject: [], uw saldo is onlangs bijgewerkt
Date: Tue, 19 Apr 2022 10:1x:xx -0700

Previous SBL listings associated with this operation tied to Digital Ocean: SBL547613 165.227.47.22 2022-04-15 SBL547587 159.223.234.252 2022-04-15 SBL547509 159.203.35.163 2022-04-14 SBL547508 128.199.112.150 2022-04-14 SBL547390 143.198.177.2 2022-04-12 SBL547337 64.225.11.205 2022-04-12 SBL547269 165.22.20.199 2022-04-11 SBL547231…

IcedID botnet controller @164.92.104.194

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

IcedID botnet controller located at 164.92.104.194 on port 80 (using HTTP GET):
hXXp://ertimadifa.com/

$ dig +short ertimadifa.com
164.92.104.194

Referencing malware binaries (MD5 hash):
89a0e6601d22c145a7dd5f5dd65b1f04 - AV detection:…

spam emitter @165.227.47.22

Received: from mail.hyiess.live ([165.227.47.22])
From: "Account Manager" <contact@hyiess.live>
Subject: [], uw saldo is onlangs bijgewerkt
Date: Fri, 15 Apr 2022 11:0x:xx -0700

Previous SBL listings associated with this operation tied to Digital Ocean: SBL547587 159.223.234.252 2022-04-15 SBL547509 159.203.35.163 2022-04-14 SBL547508 128.199.112.150 2022-04-14 SBL547390 143.198.177.2 2022-04-12 SBL547337 64.225.11.205 2022-04-12 SBL547269 165.22.20.199 2022-04-11 SBL547231 142.93.159.24 2022-04-11 SBL547002…

spam emitter @159.223.234.252

Received: from mail.kesylife.live ([159.223.234.252])
From: "BTC Account" <contact@kesylife.live>
Subject: [], er is nieuwe activiteit in uw BTC-account
Date: Fri, 15 Apr 2022 07:4x:xx -0700

Previous SBL listings associated with this operation tied to Digital Ocean: SBL547509 159.203.35.163 2022-04-14 SBL547508 128.199.112.150 2022-04-14 SBL547390 143.198.177.2 2022-04-12 SBL547337 64.225.11.205 2022-04-12 SBL547269 165.22.20.199 2022-04-11 SBL547231 142.93.159.24 2022-04-11 SBL547002 64.227.34.236…

phishing server

64.225.60.108|uspostal-service.com|2022-04-05 01:07:05
64.225.60.108|verified-securedusps.com|2022-04-15 04:41:03
verified-uspservice.dynamic-dns.net has address 64.225.60.108

spam emitter @128.199.112.150

Received: from mail.madiolab.me ([128.199.112.150])
From: "E-Wallet" <contact@madiolab.me>
Subject: [], je hebt onlangs nieuwe BTC
Date: Wed, 13 Apr 2022 05:4x:xx -0700

spam emitter @159.203.35.163

Received: from mail.hortsapp.live ([159.203.35.163])
From: "E-Wallet" <contact@hortsapp.live>
Subject: [], je hebt onlangs nieuwe BTC
Date: Wed, 13 Apr 2022 09:1x:xx -0700

Untitled

143.198.105.76|fraud-citi-ath.com|2022-04-13 11:47:38
143.198.105.76|info-citi-a6.com|2022-04-13 02:36:39
143.198.105.76|info-citi-k8.com|2022-04-14 01:44:53
143.198.105.76|wells-fargo-a8.com|2022-04-13 07:34:49
143.198.105.76|wells-fargo-k3.com|2022-04-11 06:52:19