Spammer hosting @188.165.1.80
Spammer hosting located here:
http://tracking.hostingseekers.net/tracking/click

$ dig +short tracking.hostingseekers.net
api.elasticemail.com.
188.165.1.80
54.38.226.140
94.23.161.19
46.105.88.234
164.132.95.123

Spam sample
===============================
Received: from nd1.mxout.mta3.net (nd1.mxout.mta3.net [51.178.153.1])
    (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (Client did not present a certificate)
    by X (Postfix) with ESMTPS id X
    for <X>; Fri, 3 Dec 2021X
DKIM-Signature: X
DKIM-Signature: X
From: HostingSeekers…
Category: ovh.net
EFlyerMarketing (via Elastic Email)
A number of IP addresses, all at Elastic Email, are sending spam for a long-time real estate marketing spam operation. The spam messages are "flyers" advertising properties for sale. They are sent to scraped, purchased and appended lists. Many of the email addresses have not been in use for over a decade, rejected email for several…
spammer "remove" sites @ 37.59.176.212
Sites used by spammers to confirm addresses to send them more spam:

37.59.176.212 a.mx.remove-me-please.com
37.59.176.212 correo.remove-me-please.com
37.59.176.212 no-more-ads.com
37.59.176.212 remove-me-please.com
37.59.176.212 take-me-off.net
37.59.176.212 unsubscribe-me.net
Spam source
Return-Path: <marshal.sequira@us-insight.com>
Received: from ipsa.2.rmjb2.com (ipsa.2.rmjb2.com [54.38.144.192])
    by [] (8.14.7/8.14.7) with ESMTP id []
    (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
    for []; Tue, 30 Nov 2021 13:[]:[] -0500
Authentication-Results: []
DKIM-Signature: []
Return-Receipt-To: "marshal sequira" <marshal.sequira@us-insight.com>
From: "marshal sequira" <marshal.sequira@us-insight.com>
To: []
Subject: LIMS / CTMS — Tech Users Accounts
Date: Tue, 30 Nov 2021 10:[]:[] -0800…
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to "listbomb" email addresses:

From: Trust In News <assinaturas@info.trustinnews.pt>
Subject: Últimos dias da Campanha Black Friday! Aproveite descontos até 67% nas melhores revistas

Problem description
============================
Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being…
spam emitter @147.135.182.202
Received: from mail2-202.pollsreleased300.com (147.135.182.202)
Date: Fri, 26 Nov 2021 07:1x:xx +0000
Subject: 🇳🇴 Viktige nyheter for landet.
From: dagsavisen.no <info@pollsreleased300.com>

Previously spamming from:
5.196.196.179 mail1-179.pollsreleased300.com 2021-11-11 16:5x:xx
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to "listbomb" email addresses:

From: Trust In News <assinaturas@info.trustinnews.pt>
Subject: A Black Friday chegou com descontos até 67% nas suas revistas preferidas 💣💣💣

Problem description
============================
Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being…
RedLineStealer botnet controller @51.68.142.233
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 51.68.142.233 on port 31156 TCP:

$ telnet 51.68.142.233 31156
Trying 51.68.142.233…
Connected to 51.68.142.233.
Escape character…
zkh15.top
This IP address is sending spam for Zacc Serum, a disk jockey located in Paris, France. Zacc Serum hired a bulk email organization named @Mail250 to send bulk email for them. @Mail250 sends a great deal of spam. We are not sure whether the list that sent this email came from the customer or from…
RedLineStealer botnet controller @51.81.139.72
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 51.81.139.72 on port 10762 TCP:

$ telnet 51.81.139.72 10762
Trying 51.81.139.72…
Connected to 51.81.139.72.
Escape character…