This IP address is sending spam for OMICS (aka Remedy Publishing, aka Austin Publishing, and others) advertising its "open-access" journals. The spam is sent to scraped, purchased, or appended lists. OMICS claims that these journals are peer-reviewed, but they have a dubious reputation among the academics we have asked. DigitalOcean: OMICS appears to be running…
Read more: Spam Emitter (OMICS)
DCRat botnet controller @35.195.10.252
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 35.195.10.252 on port 443 TCP:
$ telnet 35.195.10.252 443
Trying 35.195.10.252…
Connected to 35.195.10.252.
Escape character…
Read more: DCRat botnet controller @35.195.10.252
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to "listbomb" email addresses:
From: OGI Newsletter <noreply@oginnovation.co.uk>
Subject: Happy Holidays from OGI!
Problem description
============================
Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being "listbombed" with transactional messages and bulk email campaigns.
Problem resolution…
Read more: Abused / misconfigured newsletter service (listbombing)
Spamvertised website
2021-12-22 nadisdh.com. 60 IN A 212.109.196.155
2021-12-18 nadisdh.com. 60 IN A 188.120.247.101
2021-12-17 nadisdh.com. 60 IN A 91.223.180.111
2021-12-09 nadisdh.com. 60 IN A 212.109.199.195
2021-12-08 nadisdh.com. 60 IN A 212.109.199.174
Received: from eaquegmhjm.cloudfront.net (20.68.129.110)
From: Collagen, Collagen, <noreply@info.dnb.no>
Subject: 𝟔 𝐠𝐨𝐝𝐞 𝐠𝐫𝐮𝐧𝐧𝐞𝐫 𝐭𝐢𝐥 å 𝐭𝐚 𝐂𝐨𝐥𝐥𝐚𝐠𝐞𝐧 𝐏𝐥𝐮𝐬
Date: Mon, 06 Dec 2021 10:5x:xx +0000
http://nadisdh.com/rd/[]…
Read more: Spamvertised website
Spam Emitter (OMICS)
phishing server
34.106.102.169|boa-safe.com|2021-12-20 02:01:21
34.106.102.169|boa-secured.com|2021-12-20 02:21:21
34.106.102.169|boa-secures.com|2021-12-21 06:46:20
34.106.102.169|charles-schwabs.com|2021-12-20 01:29:01
34.106.102.169|secured-america.com|2021-12-21 02:15:20
34.106.102.169|secures-boa.com|2021-12-21 13:52:19
phishing server
hXXps://secured-schwab.com/
secured-schwab.com has address 34.106.43.189
RaccoonStealer botnet controller @178.62.232.173
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. RaccoonStealer botnet controller located at 178.62.232.173 on port 80 (using HTTP POST):
hXXp://178.62.232.173/
Referencing malware binaries (MD5 hash):
8426f202fff106a789373511286c2efb — AV detection: 22 / 68 (32.35)
9e16ef5a1635cc433e55589627b01ef6…
Read more: RaccoonStealer botnet controller @178.62.232.173
spam emitter @95.167.221.156
Received: from sysmon.eltex-co.ru (95.167.221.156 [95.167.221.156]) by [] with SMTPS id []; Mon, 20 Dec 2021 23:4x:xx -0800 (PST)
Received: from gmail.com (unknown [23.146.242.56]) by sysmon.eltex-co.ru (Postfix) with ESMTPSA id [] for []; Tue, 21 Dec 2021 14:3x:xx +0700 (+07)
Reply-To: ronevergreen73@gmail.com
From: "Mr.Ronald Evergreen" <efexwec@gmail.com>
Subject: I await your response…21/12/2021
Date: 21 Dec 2021 02:3x:xx…
Read more: spam emitter @95.167.221.156
Suspected Snowshoe Spam IP Range
Based on research, analysis of network data, our ‘snowshoe’ spam detection systems, intelligence sources and our experience, Spamhaus believes that this IP address range is being used or is about to be used for the purpose of high volume ‘snowshoe’ spam emission. As a precaution therefore we are listing this IP range in an SBL…
Read more: Suspected Snowshoe Spam IP Range