Spam MX services (remedypublication.net) (OMICS)

Cloudflare hosts the A records of the domain remedypublication.net, which belongs to Remedy Publishers, aka OMICS. OMICS is a publisher of «open-access» journals. It solicits contributions and (by implication) subscriptions to its journals by sending spam to scraped, purchased, or appended lists. OMICS has considerably over 100 SBL listings, over 40 of which are currently…

Spammer hosting @172.67.194.231

Spammer hosting located here:
http://nyc.hiremedical.com/home/redirect/?site=//0xC227CF2A?MTk4NTk3MTg4PTQyOTk0JjM0MjU4MjU9MjY1JjE0Mz1jbGljayY3cm5ud2U9NiZsaWQ9NjA3Mw==
-> http://194.39.207.42/?X
-> https://www.loansidemed.com/2LMRW6M/LZBSWBW/?sub2=X
-> https://getnuubu.com/articles/uncovered-japanese/?l=X

$ dig +short getnuubu.com
172.67.194.231
104.21.12.141

Spam sample
========================================
Received: from forget.beginndend.com (forget.beginndend.com [27.255.79.190]) by X (Postfix) with ESMTP id X for <X>; Sat, 22 Jan 2022 X
Received: from tpgau.xyz (unknown [74.63.254.136]) by X (Postfix) with ESMTP id X for <X>; Sat, 22…

Spammer hosting @104.21.12.141

Spammer hosting located here:
http://nyc.hiremedical.com/home/redirect/?site=//0xC227CF2A?MTk4NTk3MTg4PTQyOTk0JjM0MjU4MjU9MjY1JjE0Mz1jbGljayY3cm5ud2U9NiZsaWQ9NjA3Mw==
-> http://194.39.207.42/?X
-> https://www.loansidemed.com/2LMRW6M/LZBSWBW/?sub2=X
-> https://getnuubu.com/articles/uncovered-japanese/?l=X

$ dig +short getnuubu.com
172.67.194.231
104.21.12.141

Spam sample
========================================
Received: from forget.beginndend.com (forget.beginndend.com [27.255.79.190]) by X (Postfix) with ESMTP id X for <X>; Sat, 22 Jan 2022 X
Received: from tpgau.xyz (unknown [74.63.254.136]) by X (Postfix) with ESMTP id X for <X>; Sat, 22…

Cryptocurrency Scam (coinlux.net)

Cloudflare hosts the A record and website of the domain coinlux.net. This domain appears in the URIs of spam sent to a filthy list, implying that the recipient is a «customer» and that a large sum of money was deposited in their «account».

Received: from THANKYOU.home (unknown [103.48.50.60])
Received: from [45.249.91.164] ([45.249.91.164]) by home with…

Loki botnet controller @188.114.96.22

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Loki botnet controller located at 188.114.96.22 on port 80 (using HTTP POST):
hXXp://hfjv9g950bag53fcbcdnbcbnmhy35zch.tk/BN1/fre.php

$ dig +short hfjv9g950bag53fcbcdnbcbnmhy35zch.tk
188.114.96.22

Referencing malware binaries (MD5 hash):
548fceb4959384ed0351f1fcd4ef54e1 — AV detection:…

Loki botnet controller @172.67.194.126

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Loki botnet controller located at 172.67.194.126 on port 80 (using HTTP POST):
hXXp://mangeruio.ir/oluwa/five/fre.php

$ dig +short mangeruio.ir
172.67.194.126

Referencing malware binaries (MD5 hash):
07553298f0f744325b03796d803f0add — AV detection:…

Loki botnet controller @104.21.3.248

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Loki botnet controller located at 104.21.3.248 on port 80 (using HTTP POST):
hXXp://augmentinprod.ir/jin/five/fre.php

$ dig +short augmentinprod.ir
104.21.3.248

Referencing malware binaries (MD5 hash):
16f716620dd5c0151f14e9972ceece41 — AV detection:…

Spamvertised website

Received: from amazon.com (194.116.217.118 [194.116.217.118])
Date: Thu, 27 Jan 2022 20:1x:xx GMT
Subject: «Anna added you to the friends list»
From: «FuckBook»<no-reply@shtro.top>

https://subscriber.pathwayhomerealtygroup.com/SubscribeClick 172.67.166.230
https://tiktik.jp/ 104.21.70.223

reklaimyou.com (Reklaim)

This IP address hosts the A record and website of the domain reklaimyou.com. This domain is spamming heavily through direct bulk email sender @Mail250.

Received: from sfr57.top (sfr57.top [51.79.69.115])
Date: Mon, 31 Jan 2022 00:##:## +0530
From: Reklaim <hello@reklaimyou.com>
Subject: Your consent is required
<snip>
[Take back what is yours.]
[[ URI: https://smtracking.reklaimyou.com/track/click/<x>
Redirects to…