Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to «listbomb» email addresses:
From: Trust In News <assinaturas@info.trustinnews.pt>
Subject: A Black Friday chegou com descontos até 67% nas suas revistas preferidas 💣💣💣
Problem description
============================
Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being…
spam emitter @139.162.240.122
Received: from yns_A1.com (139.162.240.122)
From: (1) New message — FACEBOOK <alert@facebook-mail.com>
Subject: Someone tried to log in To Your Account, User lD : []
Date: Fri, 26 Nov 2021 01:3x:xx +0000
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to «listbomb» email addresses:
From: OMR Education <education@omr.com>
Subject: Black Week Deals #5.1: Deine Weiterbildung für 2022 zum Sonderpreis
Problem description
============================
Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages…
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to «listbomb» email addresses:
From: FITC <no-reply@fitc.ca>
Subject: Three Upcoming Events Just for You!
Problem description
============================
Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages and bulk email campaigns. Problem…
phishing server
66.29.140.235|centerinfowf.cards|2021-11-26 02:50:48
66.29.140.235|clientsprotectonline.cards|2021-11-26 02:46:14
66.29.140.235|infoclearingsecure.cards|2021-11-26 02:46:33
66.29.140.235|onlineindentityactivity.cards|2021-11-26 03:36:19
phishing server
secur03b-login8chas.com has address 178.62.66.140
Socelars botnet controller @178.18.250.204
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Socelars botnet controller located at 178.18.250.204 on port 80 (using HTTP POST):
hXXp://www.hhgenice.top/
$ dig +short www.hhgenice.top
178.18.250.204
$ nslookup 178.18.250.204
vmi707598.contaboserver.net
Referencing malware binaries (MD5 hash):…
spam support (domains)
domain used in id theft operation dreadgeplot.com… 104.21.58.91, 172.67.202.136
spam support (domains)
domain used in spam operation looks to be fake discount cards for costco, walgreens, etc. Subject: B͏L͏A͏C͏K͏ F͏R͏I͏D͏A͏Y͏, y͏o͏u͏r͏ l͏u͏c͏k͏y͏ d͏a͏y͏. (Costco) Subject: B͏L͏A͏C͏K͏ F͏R͏I͏D͏A͏Y͏ B͏e͏g͏i͏n͏s͏ N͏o͏w͏!!! (Walmart) Subject: Y͏o͏u͏ h͏a͏v͏e͏ b͏e͏e͏n͏ s͏e͏l͏e͏c͏t͏e͏d͏ (Walgreens) beastq.com