SEO/ Web Development Spam Emitter

ESP Mailerlite is sending spam to email addressees scraped from Whois records, advertising SEO and web development services. The sending iP addresses in this range appear in both /29s of the /28, so we are listing the /28. Mailerlite: Please terminate all accounts used by this spam operation. SENDING IPs: 51.222.173.102 mta11.mlsends.com 51.222.173.103 mta12.mlsends.com 51.222.173.104… Читать далее SEO/ Web Development Spam Emitter

Опубликовано
В рубрике ovh.net

Spam source @51.178.153.1

Received: from nd1.mxout.mta3.net (nd1.mxout.mta3.net [51.178.153.1]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by X (Postfix) with ESMTPS id X for <X>; Fri, 3 Dec 2021X DKIM-Signature: X DKIM-Signature: X From: HostingSeekers <noreply@hostingseekers.net> Date: Fri, 03 Dec 2021 X Subject: Increase your Web Hosting Business Reach with HostingSeekers Message-Id: <X.X-X@tracking.hostingseekers.net>… Читать далее Spam source @51.178.153.1

Опубликовано
В рубрике ovh.net

Spammer hosting @188.165.1.80

Spammer hosting located here: http://tracking.hostingseekers.net/tracking/click $ dig +short tracking.hostingseekers.net api.elasticemail.com. 188.165.1.80 54.38.226.140 94.23.161.19 46.105.88.234 164.132.95.123 Spam sample =============================== Received: from nd1.mxout.mta3.net (nd1.mxout.mta3.net [51.178.153.1]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by X (Postfix) with ESMTPS id X for <X>; Fri, 3 Dec 2021X DKIM-Signature: X DKIM-Signature: X From: HostingSeekers… Читать далее Spammer hosting @188.165.1.80

Опубликовано
В рубрике ovh.net

spammer «remove» sites @ 37.59.176.212

Sites used by spammers to confirm addresses to send them more spam 37.59.176.212 a.mx.remove-me-please.com 37.59.176.212 correo.remove-me-please.com 37.59.176.212 no-more-ads.com 37.59.176.212 remove-me-please.com 37.59.176.212 take-me-off.net 37.59.176.212 unsubscribe-me.net

Опубликовано
В рубрике ovh.net

Spam source

Return-Path: <marshal.sequira@us-insight.com> Received: from ipsa.2.rmjb2.com (ipsa.2.rmjb2.com [54.38.144.192]) by [] (8.14.7/8.14.7) with ESMTP id [] (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for []; Tue, 30 Nov 2021 13:[]:[] -0500 Authentication-Results: [] DKIM-Signature: [] Return-Receipt-To: «marshal sequira» <marshal.sequira@us-insight.com> From: «marshal sequira» <marshal.sequira@us-insight.com> To: [] Subject: LIMS / CTMS — Tech Users Accounts Date: Tue, 30 Nov 2021 10:[]:[] -0800… Читать далее Spam source

Опубликовано
В рубрике ovh.net

Abused / misconfigured newsletter service (listbombing)

The host at this IP address is being (ab)used to «listbomb» email addresses: From: Trust In News <assinaturas@info.trustinnews.pt> Subject: Últimos dias da Campanha Black Friday! Aproveite descontos até 67% nas melhores revistas Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being… Читать далее Abused / misconfigured newsletter service (listbombing)

Опубликовано
В рубрике ovh.net

spam emitter @147.135.182.202

Received: from mail2-202.pollsreleased300.com (147.135.182.202) Date: Fri, 26 Nov 2021 07:1x:xx +0000 Subject: 🇳🇴 Viktige nyheter for landet. From: dagsavisen.no <info@pollsreleased300.com> Previously spamming from: 5.196.196.179 mail1-179.pollsreleased300.com 2021-11-11 16:5x:xx

Опубликовано
В рубрике ovh.net

Abused / misconfigured newsletter service (listbombing)

The host at this IP address is being (ab)used to «listbomb» email addresses: From: Trust In News <assinaturas@info.trustinnews.pt> Subject: A Black Friday chegou com descontos até 67% nas suas revistas preferidas 💣💣💣 Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being… Читать далее Abused / misconfigured newsletter service (listbombing)

Опубликовано
В рубрике ovh.net

RedLineStealer botnet controller @51.68.142.233

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 51.68.142.233 on port 31156 TCP: $ telnet 51.68.142.233 31156 Trying 51.68.142.233… Connected to 51.68.142.233. Escape character… Читать далее RedLineStealer botnet controller @51.68.142.233

Опубликовано
В рубрике ovh.net