Category: oracle.com
Spam source @150.136.156.209
The host at this IP address is emitting spam emails.
Spam sample
=========================================
From: staff@fotoregali.com
Subject: X Sie haben die Chance, zu Hause reich zu sein (letzte Moglichkeit)
=========================================
Spammer hosting @134.70.28.1
Spammer hosting located here:
https://objectstorage.us-ashburn-1.oraclecloud.com/n/idqyn1owx1ll/b/crazyglowlemon/o/1dqgqcalkdh.html
-> https://w.followflow.net/index.php?id_promo=X&promokeys=X
--> https://lp.crazyglow.com/c1ad419/?bid=X
$ dig +short objectstorage.us-ashburn-1.oraclecloud.com
objectstorage.us-ashburn-1.oci.oraclecloud.com.
134.70.28.1
134.70.24.1
134.70.32.1
Spam sample
====================================================================
Received: from presentcharity.net (presentcharity.net [185.235.128.117])
 by X (Postfix) with ESMTP id X
 for <X>; Wed, 28 Apr 2021 X
DKIM-Signature: X
DomainKey-Signature: X
MIME-Version: 1.0
Message-Id: <X@presentcharity.net>
From: =?UTF-8?B?Q3JhenlnbG93?= <6vgXQzs@presentcharity.net>
Subject: =?UTF-8?B?Q3LDqG1lIGNvbG9yYW50ZSB0ZW1wb3JhaXJlIG5hdHVyZWxsZQ==?=
Reply-To: reply_to@presentcharity.net
To:…
Gambling spam landing site.
This particular spammer is doing the rounds again.
Date: Wed, 21 Apr 2021 x +0200
From: Pokie Spins 💰 <email@e.cudo.com.au>
To: x
Subject: Re: Congratulations x ! You will receive up to $10000 as a welcome bonus!
Click here
hanfiska.dns.army has address 130.61.175.51
Spammer hosting @134.70.28.1
Spammer hosting located here:
https://objectstorage.us-ashburn-1.oraclecloud.com/n/idqyn1owx1ll/b/njfrbizzgausse/o/1FRdqgqcalkdh.html
-> https://www.hasadom2.com/X
-> https://securedns.site/LtmVNo?aid=X
--> https://only-promotion.com/41/mcgausse-m-med/gps/?X
$ dig +short objectstorage.us-ashburn-1.oraclecloud.com
objectstorage.us-ashburn-1.oci.oraclecloud.com.
134.70.28.1
134.70.32.1
134.70.24.1
Spam sample
====================================================================
Received: from presentcharity.net (presentcharity.net [91.211.250.153])
 by X (Postfix) with ESMTP id X
 for <X>; Mon, 3 May 2021 X
DKIM-Signature: X
DomainKey-Signature: X
MIME-Version: 1.0
Message-Id: <X@presentcharity.net>
From: =?UTF-8?B?Q2VudHJlIGRlIEx1dHRlIGNvbnRyZSBsYSBEb3VsZXVy?=<NKPbwYv@presentcharity.net>
Subject: =?UTF-8?B?TGEgbWVpbGxldXJlIHNvbHV0aW9uIHBvdXIgbGVzIGRvdWxldXJzIGFydGljdWxhaXJlcywgbXVzY3VsYWlyZXMgZXQgdmVydMOpYnJhbGVz?=
Reply-To: reply_to@presentcharity.net…
phishing server
$ host becu1-home.duckdns.org
becu1-home.duckdns.org has address 129.146.41.191
"Login to BECU Online Banking"
QuasarRAT botnet controller @129.151.100.167
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 129.151.100.167 on port 4782 TCP:
$ telnet 129.151.100.167 4782
Trying 129.151.100.167...
Connected to 129.151.100.167.
Escape character…
spam emitter @129.146.252.239
Received: from wikihow.com (129.146.252.239 [129.146.252.239])
Date: Fri, 21 May 2021 05:0x:xx +0200
From: Bitcoin Code<droblx.com@com.1strand0m-accessdigitalstoragedevice.exposed>
Subject: Why has Mark Zuckerberg invested in crypto
https://storage.googleapis.com/009630314ac2a9e/offrall.html
https://www.pw22trk.com/2CS482FTB/XCQZJ/?creative_id=1366&source_id=2&sub1=qwn
https://tracking.track-it.pro/aff_c?offer_id=45&aff_id=1057&aff_sub=[]&aff_sub2=670473&aff_sub3=qwn&aff_sub4=&aff_sub5=Code&aff_click_id=
https://the-btc-system.com/?clickID=[]&aff=Code&c=CH&tid=[]&aff_id=1057
https://codenet-systemapp.com/api/v1/auto_login?r=https://codenet-systemapp.com/
https://codenet-systemapp.com/funds
www.pw22trk.com. 300 IN A 35.244.150.190
tracking.track-it.pro. 300 IN A 172.67.159.25
tracking.track-it.pro. 300 IN A 104.21.34.104
the-btc-system.com. 300 IN A 104.21.6.181
the-btc-system.com. 300 IN A 172.67.135.26
codenet-systemapp.com.…
phishing server
verifications-chase03b.com has address 193.122.151.199
secureboa-verification.com has address 193.122.151.199
chasesecure-app-login.com has address 193.122.151.199
chaseverify-secure-login.com has address 193.122.151.199
securechaseverify-login.com has address 193.122.151.199
royalonlinepay.com has address 193.122.151.199
verification-chaseweb.com has address 193.122.151.199
online-verification-53.com has address 193.122.151.199
Suspected Snowshoe Spam IP Range
Based on research, analysis of network data, our ‘snowshoe’ spam detection systems, intelligence sources and our experience, Spamhaus believes that this IP address range is being used or is about to be used for the purpose of high volume ‘snowshoe’ spam emission. As a precaution therefore we are listing this IP range in an SBL…