;; QUESTION SECTION: ;xxpwe11154.execute-api.us-west-2.amazonaws.com. IN A ;; ANSWER SECTION: xxpwe11154.execute-api.us-west-2.amazonaws.com. 59 IN A 99.84.64.56 xxpwe11154.execute-api.us-west-2.amazonaws.com. 59 IN A 99.84.64.19 xxpwe11154.execute-api.us-west-2.amazonaws.com. 59 IN A 99.84.64.95 xxpwe11154.execute-api.us-west-2.amazonaws.com. 59 IN A 99.84.64.13 ec2-52-37-118-25.us-west-2.compute.amazonaws.com [52.37.118.25] Received: from mail-ed1-f50.google.com (HELO mail-ed1-f50.google.com) (209.85.208.50) by xx ESMTPS; Thu, 22 Jul 2021 15:22:42 +0000 Received: by mail-ed1-f50.google.com with SMTP id xx; Thu, 22… Читать далее Spamming mackeeperaffiliates.com to harvested addresses using AWS & Gmail
Рубрика: google.com
Hosting fraud/phish spam on: info-blog-support.blogspot.com
https://tinyurl.com/bzn6as36 >>> https://info-blog-support.blogspot.com/ 142.251.33.65 >>> https://infohelpsu.temp.swtest.ru/jone/alaa/off/z0n51/cc.php Received: from mail.prixa.net (HELO mail.prixa.net) (114.119.190.51) by xxx; Fri, 23 Jul 2021 22:22:29 +0000 Received: from grini (unknown [20.36.34.2]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: no-reply@prixa.net) by mail.prixa.net (Postfix) with ESMTPSA id xxx; Fri, 23 Jul 2021 22:22:20 +0000 (UTC) DKIM-Signature: v=1;… Читать далее Hosting fraud/phish spam on: info-blog-support.blogspot.com
Canadian Pharmacy
Subject: Buy Viiagra/Cilais/Levirta Bset Onilne Phamracy 2019 Trusetd By Thoousands Of Cu$t0mers Cheap Pr1ce$ and F@$t Deelivery Non Prescripiton Meeds ___________ https://feedproxy.google.com/~r/x1i/~3/2d6EzPkUh9A? https://feedproxy.google.com/~r/x1i/~3/DOv4NWcHP00? https://feedproxy.google.com/~r/x1i/~3/Pw7pkeDtGoM? https://feedproxy.google.com/~r/x1i/~3/QtBp9M3kdLY? https://feedproxy.google.com/~r/x1i/~3/QV207Ch3x6M? https://feedproxy.google.com/~r/x1i/~3/tF_5Au4_XBc? https://feedproxy.google.com/~r/x1i/~3/wTbr0DArN3w? https://feedproxy.google.com/~r/x1i/~3/bQD1SDrmYxo? ___________ >>> https://xn--90aa0bf9ayc.xn--p1ai/ >>> https://xn--90afk0abpctv9be.xn--p1ai/ >>> https://xn--c1addlom1brp.xn--p1ai/ >>> https://xn--c1addlom1brp.xn--p1ai/ xn--90aa0bf9ayc.xn--p1ai. 599 IN A 95.165.149.124 xn--90afk0abpctv9be.xn--p1ai. 515 IN A 95.31.40.41 xn--c1addlom1brp.xn--p1ai. 485 IN A 95.31.40.41 xn--c1addlom1brp.xn--p1ai. 571… Читать далее Canadian Pharmacy
Spammer hosting @172.67.69.125
http://sa3ssdwefweatkom.diskstation.org/r.php?t=XXX -> https://towelred.com/?a=XXX —> https://click.powerplaypoints.com/click/XXX —> https://winorama77.com/lp/de/MagicFairies/index.html?Inc=XXX winorama77.com. 59 IN A 34.117.25.194 __________ Was: $ dig +short winorama77.com 172.67.69.125 104.26.14.185 104.26.15.185 34.117.25.194 geoscratchmania.com 2021-07-29 06:26:23 34.117.25.194 emails.netoplaycdn.com 2021-07-29 05:22:56 34.117.25.194 scratchmania.com 2021-07-28 22:30:53 34.117.25.194 www.scratchmania.com 2021-07-28 08:40:45 34.117.25.194 winning-news.com 2021-07-28 08:12:06 34.117.25.194 winspark77.com 2021-07-28 08:06:24 34.117.25.194 plazaplay.com 2021-07-28 01:35:50 34.117.25.194 netopartners.net 2021-07-19 12:51:59 34.117.25.194 3scratchmania.com… Читать далее Spammer hosting @172.67.69.125
Canadian Pharmacy
Subject: Buy Viagra/Cialis/Levitra Online ___________ https://feedproxy.google.com/~r/x1i/~3/8y33ir9excY? https://feedproxy.google.com/~r/x1i/~3/PVYsO_x1P3o? https://feedproxy.google.com/~r/x1i/~3/lxbL60NulwU? >>> «https://xn--90afk0abpctv9be.xn--p1ai/ xn--90afk0abpctv9be.xn--p1ai. 599 IN A 202.145.2.67 202.145.2.67 ns1.ocjaxcil.ru 2021-07-30 00:11:08 202.145.2.67 ns2.newaidassist.com 2021-07-29 23:35:51 202.145.2.67 ns1.newaidassist.com 2021-07-29 23:35:51 202.145.2.67 mycuringsupply.ru 2021-07-29 23:35:48 202.145.2.67 ns2.mycuringsupply.ru 2021-07-29 23:31:02 202.145.2.67 ns1.mycuringsupply.ru 2021-07-29 23:31:02 202.145.2.67 ns1.eiqisfjl.ru 2021-07-29 23:30:45 202.145.2.67 securedrugmart.ru 2021-07-29 23:10:03 202.145.2.67 xn--90afk0abpctv9be.xn--p1ai 2021-07-29 22:35:50 202.145.2.67 newremedyreward.ru 2021-07-29 18:40:55… Читать далее Canadian Pharmacy
Canadian Pharmacy
Subject: Buy Viagra/Cialis/Levitra Online https://feedproxy.google.com/~r/x1i/~3/-21sJWhTDGY? >>> https://xn--90afk0abpctv9be.xn--p1ai/ xn--90afk0abpctv9be.xn--p1ai. 599 IN A 31.132.1.40 ___________ https://feedproxy.google.com/~r/x1i/~3/8y33ir9excY? https://feedproxy.google.com/~r/x1i/~3/PVYsO_x1P3o? https://feedproxy.google.com/~r/x1i/~3/lxbL60NulwU? >>> «https://xn--90afk0abpctv9be.xn--p1ai/ xn--90afk0abpctv9be.xn--p1ai. 599 IN A 202.145.2.67 202.145.2.67 ns1.ocjaxcil.ru 2021-07-30 00:11:08 202.145.2.67 ns2.newaidassist.com 2021-07-29 23:35:51 202.145.2.67 ns1.newaidassist.com 2021-07-29 23:35:51 202.145.2.67 mycuringsupply.ru 2021-07-29 23:35:48 202.145.2.67 ns2.mycuringsupply.ru 2021-07-29 23:31:02 202.145.2.67 ns1.mycuringsupply.ru 2021-07-29 23:31:02 202.145.2.67 ns1.eiqisfjl.ru 2021-07-29 23:30:45 202.145.2.67 securedrugmart.ru 2021-07-29 23:10:03… Читать далее Canadian Pharmacy
Spamvertised website
Received: from consequunturzgbci.wuxes.com (194.87.234.253) Date: Sun, 8 Aug 2021 19:1x:xx +0000 From: [] <newsletter@edm.scoopon.com.au> Subject: FWD: Your account balance has already increased to a whopping $15,869.95 http://194-58-119-232.cloudvps.regruhosting.ru/track/[] => https://www.makereachout.com/2LJ14C4/9X8BQNM/?sub1=11&sub2=115-562&sub3=[] 194-58-119-232.cloudvps.regruhosting.ru. 86400 IN A 194.58.119.232 www.makereachout.com. 3603 IN A 34.95.111.202
All domains on this IP are malicious.
Of the 60 domains that resolve to this IP, not a single one of them is legitimate. deliveries-mypostoffice.com delivery—dpd.com delivery-service-centre.com dpd-deliveryinfo.net dpd-official-online.com dpd-parcel-info.com dpd-parceltrack.com dpd-postal-redirect.com dpd-redirect-postal.com dpd-reshipment-fees.com dpdlocal-update.com dpdlocal-updates.com ee-missed-payment.com And MANY more.
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to «listbomb» email addresses: From: ICYS ExCom <icecoreys@gmail.com> Subject: ICYS 8th Seminar 19th August 21:00-22:00 UTC Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages and bulk email… Читать далее Abused / misconfigured newsletter service (listbombing)
Phishing redirector — Bitcoin fraud
SBL530274 has a payload on $ host www.haveafroginthroat.com www.haveafroginthroat.com has address 34.102.211.173 which we think exists for this purpose only.