microsoft.com — Страница 32

spam source

Return-Path: <bounce@members.linode.com> Received: from NXDOMAIN (HELO li1365-32.members.linode.com) (40.115.233.206) by x (x) with ESMTP; Wed, 19 Aug 2020 xx:xx:xx +0000 MIME-version: 1.0 Content-Type: text/html ;charset=UTF-8 Date: Thu, 20 Aug 2020 xx:xx:xx +0200 To: x Sender: Medium Theresa <x> From: Medium Theresa <x> Subject: Re:x discover what I saw in my vision List-Unsubscribe: <@li1365-32.members.linode.com> X-Mailer: x <center>… Читать далее spam source

Spam source @51.116.181.212

The host at this IP address is emitting spam emails. Spam sample ========================================= From: noreply@tesla.com Subject: 5000 BTC giveaway =========================================

Japanese Bank Phishes…

e.g. https://peacfull-71.ml/smbc.co.jp/jp/SMBC/ This is a phish kit. 2020-09-04 06:25:41 ccakt.cf A 52.136.224.72 2020-08-10 06:18:47 ccakt.ga A 52.136.224.72 2020-08-10 06:18:13 ccakt.gq A 52.136.224.72 2020-09-04 19:38:01 ccakt.ml A 52.136.224.72 2020-09-06 04:35:36 ccakt.tk A 52.136.224.72 2020-10-15 04:08:53 faluty-71.ga A 52.136.224.72 2020-09-03 03:43:03 klaskz-71.cf A 52.136.224.72 2020-08-10 06:18:02 klaskz-71.ga A 52.136.224.72 2020-08-10 06:18:02 klaskz-71.gq A 52.136.224.72 2020-08-17 11:48:38 lgfdg-71.cf… Читать далее Japanese Bank Phishes…

Attempted spamming.

I really think North of 120 connections per minute is a bit much. Not a single successful delivery too. Shame it has no DNS. x postfix/submission/smtpd[16485]: disconnect from unknown[52.141.56.55] ehlo=1 auth=0/1 commands=1/2 x postfix/submission/smtpd[16485]: connect from unknown[52.141.56.55] x postfix/submission/smtpd[16485]: lost connection after EHLO from unknown[52.141.56.55] x postfix/submission/smtpd[16485]: disconnect from unknown[52.141.56.55] ehlo=1 auth=0/1 commands=1/2 x postfix/anvil[16391]:… Читать далее Attempted spamming.

ns2.superstorefore.com

THis is IDENTICAL to SBL493306 — 13.72.78.225 but certain parties are in denial. ——————————————————————————— Of the 700 or so domains on this NS since it was created in JUNE. All but 2 are phishing, and those 2 have changed providers. The other name servers are 13.72.78.225, 104.45.40.86 relativeaccesspayments.com hsbchecksecure.info three-ebill.com billingupdate-o2.com aol-mail-login.us eebilling-confirm.com And so… Читать далее ns2.superstorefore.com

Abused / misconfigured newsletter service (listbombing)

The host at this IP address is being (ab)used to «listbomb» email addresses: From: kimberlyiqlong@hotmail.com Subject: Re: Looking For Your Response Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages and bulk email campaigns. Problem resolution ============================… Читать далее Abused / misconfigured newsletter service (listbombing)

Snowshoe Spam Emitters!

A number of IP addresses at Microsoft Azure are sending snowshoe spam that appear to be fake account confirmations, which are usually phish. This appears to be a survey page supposedly on behalf of US membership bulk retailer Sam’s Club. We doubt that it is actually run or authorized by Sam’s Club. Whether the page… Читать далее Snowshoe Spam Emitters!