Identical spammer to: SBL543391 89.248.192.0/24 All these and more. 212.41.9.3 serasaautorizadoscn000.cloud 212.41.9.12 serasaautorizadoscn000.cloud 212.41.9.24 serasaautorizadoscn000.cloud 212.41.9.30 serasaautorizadoscn000.cloud 212.41.9.37 serasaautorizadoscn00000.cloud 212.41.9.38 autorizadoserasaexperian00.cloud 212.41.9.48 autorizadoserasaexperian00.cloud 212.41.9.60 autorizadoserasaexperian00.cloud 212.41.9.68 serasaautorizadoscn000.cloud 212.41.9.73 autorizadoserasaexperian00.cloud 212.41.9.75 autorizadoserasaexperian0000.cloud 212.41.9.76 autorizadoserasaexperian00.cloud 212.41.9.77 serasaautorizadoscn3.cloud 212.41.9.80 autorizadoserasaexperian00.cloud 212.41.9.93 serasaautorizadoscn3.cloud 212.41.9.104 serasaautorizadoscn3.cloud 212.41.9.107 serasaautorizadoscn3.cloud 212.41.9.110 autorizadoserasaexperian00.cloud 212.41.9.112 serasaautorizadoscn00000.cloud 212.41.9.116 serasaautorizadoscn3.cloud 212.41.9.117 serasaautorizadoscn00000.cloud 212.41.9.119 serasaautorizadoscn4.cloud 212.41.9.122 serasaautorizadoscn4.cloud… Читать далее Suspected Snowshoe Spam IP Range — SELECTEL-NET
Рубрика: selectel.ru
bitcoin scammer landing sites.
This is the other IP belonging to the malicious DNS at: SBL540601 94.26.249.141 2022.02.21 Meet the new boss, same as the old boss. Name changed from s1.aver.host —> s1.stronghost.su 2022.01.14 despite claims, not fixed still phishin’ 94.26.249.141 is currently in use as a nameserver for spamvertized domains. This enables the resolving of spammed domains to… Читать далее bitcoin scammer landing sites.
Hosting phishing domains
ajaxtracker.com. 600 IN A 45.8.124.156 coupon-popup.net. 600 IN A 45.8.124.156 ______________________ Was: 185.251.89.161 ajaxtracker.com 2022-02-22 00:17:23 185.251.89.161 cdn-cgi.net 2022-02-22 01:04:40 185.251.89.161 coupon-popup.net 2022-02-22 05:00:26 185.251.89.161 jquery-ui.net 2022-02-22 03:57:04 185.251.89.161 jquerylibs.net 2022-02-22 03:44:52 185.251.89.161 jqueryllc.net 2022-02-22 03:21:18 185.251.89.161 magento-plugin.com 2022-02-22 03:45:21 185.251.89.161 purechal.com 2022-02-22 04:35:13 185.251.89.161 trustdomains.net 2022-02-22 03:07:41 ______________________ Was: ajaxtracker.com. 600 IN A 91.224.22.21… Читать далее Hosting phishing domains
Suspected Snowshoe Spam IP Range — SELECTEL-NET
Based on research, analysis of network data, our ‘snowshoe’ spam detection systems, intelligence sources and our experience, Spamhaus believes that this IP address range is being used or is about to be used for the purpose of high volume ‘snowshoe’ spam emission. As a precaution therefore we are listing this IP range in an SBL… Читать далее Suspected Snowshoe Spam IP Range — SELECTEL-NET
Carding fraud site/forum: infodig.is (InfoDIG.sx InfoDIG.ch InfoDIG.domains infodig.mn)
Stolen credit card data websites: https://ascarding.com/ >>> https://infodig.is/ infodig.ch. 600 IN A 45.8.124.108 infodig.domains. 600 IN A 45.8.124.108 infodig.sx. 600 IN A 45.8.124.108 ________________ Was: infodig.ch. 600 IN A 8.212.135.34 infodig.domains. 600 IN A 8.212.135.34 infodig.sx. 600 IN A 8.212.135.34 ________________ Was: infodig.ch. 600 IN A 213.226.114.240 infodig.domains. 600 IN A 213.226.114.240 infodig.sx. 600 IN… Читать далее Carding fraud site/forum: infodig.is (InfoDIG.sx InfoDIG.ch InfoDIG.domains infodig.mn)
Spamvertised website
2022-02-20 gotogml.com. 60 IN A 45.8.127.154 2022-02-01 gotogml.com. 60 IN A 194.87.1.4 2022-01-31 gotogml.com. 60 IN A 194.87.1.5 2022-01-20 gotogml.com. 60 IN A 194.87.185.11 2022-01-18 gotogml.com. 60 IN A 5.188.160.30 Received: from iustocouny.newdom.com (20.77.57.222) Date: Mon, 17 Jan 2022 12:34:00 +0000 From: 💖💖 Charming Russian Girls 💖💖 <> Subject: Find Your Russian Girl Who is… Читать далее Spamvertised website
Tofsee botnet controller @45.8.124.99
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 45.8.124.99 on port 443 TCP: $ telnet 45.8.124.99 443 Trying 45.8.124.99… Connected to 45.8.124.99. Escape character… Читать далее Tofsee botnet controller @45.8.124.99
Botnet spammed phishing domains: Phishing Google users.
google-site-verification.com. 600 IN A 45.8.124.95 googletags-manager.com. 600 IN A 45.8.124.95 _____________ Was: google-site-verification.com. 600 IN A 185.251.89.62 googletags-manager.com. 600 IN A 185.251.89.62 _____________ Was: 91.224.22.23 google-site-verification.com 2022-02-15 04:03:32 91.224.22.23 googletags-manager.com 2022-02-15 04:36:40 91.224.22.23 script-analytic.com 2022-02-15 03:41:36 _____________ Was: 91.224.22.55 google-site-verification.com 2022-02-14 03:58:56 91.224.22.55 googletags-manager.com 2022-02-13 04:15:53 91.224.22.55 login-mobile-alert.com 2021-10-09 08:11:17 91.224.22.55 login-mobile-approve.com 2021-10-09 08:11:29 _____________… Читать далее Botnet spammed phishing domains: Phishing Google users.
spam source
82.148.3.14 correio93.suavedocumentos.cloud «docu43.ijubggmfhjgafsiugeggufoarcdaemsb.pw» 2022-02-17T03:20:00Z (+/-10 min) 82.148.3.128 thiago03.williandocumentados.cloud «docu30.ijubggmfhjgafsiugeggufoarcdaemsb.pw» 2022-02-17T04:40:00Z (+/-10 min) 82.148.3.155 cindy09.ninghq.us «docu33.ijubggmfhjgafsiugeggufoarcdaemsb.pw» 2022-02-17T03:30:00Z (+/-10 min) 82.148.3.190 sul509.paineldocs.cloud «docu34.ijubggmfhjgafsiugeggufoarcdaemsb.pw» 2022-02-17T03:20:00Z (+/-10 min) 82.148.3.197 x6.empresariar2211.cloud «docu23.ijubggmfhjgafsiugeggufoarcdaemsb.pw» 2022-02-17T03:20:00Z (+/-10 min) 82.148.3.248 «docu48.ijubggmfhjgafsiugeggufoarcdaemsb.pw» 2022-02-17T05:00:00Z (+/-10 min) 82.148.3.0/24 (82.148.3.0 .. 82.148.3.255) == Sample ========================== Received: by .* (Postfix, from userid 33) id .*4.*; .* (-03) To: .*… Читать далее spam source
spam source
Spam source. Same spammer previously on 5.188.158.{69,212}. ======================================================================= Return-Path: <> Received: from viata.es (unknown [37.9.13.169]) by x (Postfix) with ESMTP id x for <x>; Wed, 9 Feb 2022 xx:xx:xx +0100 (CET) MIME-Version: 1.0 From:Home Depot <dealspromo@x.hosakomatel.co.nl> Subject:CLAlM Your Free Dyson Vacuum NOW! Reply-To: reply_to@waketech.xx To: x Content-Transfer-Encoding: 7bit Content-Type: text/html; charset=UTF-8 Date: Wed, 09 Feb… Читать далее spam source