$ dig +short ns1.smsdnspro.com 206.189.97.166 Domains served by this nameserver appear as the first stage redirectors in SMS fraud spam.
Рубрика: digitalocean.com
Phishing redirector
$ host xhif.link xhif.link has address 185.212.128.20 xhif.link has address 138.197.217.143 This domain was registered on November 2 solely for phishing purposes. # whois.namecheap.com Domain name: xhif.link Registry Domain ID: DO_5e904656ca6124ded731a515545fa8e4-UR Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2021-11-02T09:48:01.15Z Registrar Registration Expiration Date: 2022-11-02T09:48:01.15Z Registrar: NAMECHEAP INC Registrar IANA ID:… Читать далее Phishing redirector
«Piush Verma» / GFORD Institute of Management
The following IP addresses are sending spam for the GFORD Institute of Management, advertising business training webinars. This sending is an aggressive new spam operation that sends through distributed bulk email networks with little or no effective abuse enforcement. Currently GFORD is sending through VPS servers at Digital Ocean, using rDNS and HELO at the… Читать далее «Piush Verma» / GFORD Institute of Management
«Piush Verma» / GFORD Institute of Management
The following IP addresses are sending spam for the GFORD Institute of Management, advertising business training webinars. This sending is an aggressive new spam operation that sends through distributed bulk email networks with little or no effective abuse enforcement. Currently GFORD is sending through VPS servers at Digital Ocean, using rDNS and HELO at the… Читать далее «Piush Verma» / GFORD Institute of Management
phishing server
https://www.acen-japan.buzz/ $ host www.acen-japan.buzz www.acen-japan.buzz has address 159.223.132.129
«Piush Verma» / GFORD Institute of Management
The following IP addresses are sending spam for the GFORD Institute of Management, advertising business training webinars. This sending is an aggressive new spam operation that sends through distributed bulk email networks with little or no effective abuse enforcement. Currently GFORD is sending through VPS servers at Digital Ocean, using rDNS and HELO at the… Читать далее «Piush Verma» / GFORD Institute of Management
Phishing payload against Danske (Nordic banking group)
$ host danskiebank.com danskiebank.com has address 165.22.124.142 This recently registered domain name only exists to phish customers of Danske.
phishing server
68.183.47.239|secure-01citizns.net|2021-11-02 21:15:58 68.183.47.239|secure02bcitizns.com|2021-11-07 22:35:47 68.183.47.239|secure089bcitizns.com|2021-11-07 19:05:57 68.183.47.239|server03bcitizns.com|2021-11-02 23:00:55 68.183.47.239|server083bcitizns.com|2021-11-03 16:56:36 68.183.47.239|server17bcitizens.com|2021-11-08 16:11:19
phishing server
hXXp://citizan05s-online.com/ $ host citizan05s-online.com citizan05s-online.com has address 178.128.237.184
Distributed Spam-for-Hire Network (ddns.net)
The following IP addresses at several providers of inexpensive VPS services are sending spam for several customers. The IP addresses HELO as a hostname in the ddns.net domain. This domain is owned by no-ip.com, a provider of distributed IP services. The first IP address below is sending phish. The second is sending spam for provider… Читать далее Distributed Spam-for-Hire Network (ddns.net)