54.39.39.140 eei.soauto.icu 54.39.39.141 eei.soax.icu 54.39.39.142 eei.sobilan.icu sobilan.icu. 3600 IN NS ns1.sobilan.icu. sobilan.icu. 3600 IN NS ns2.sobilan.icu. ns1.sobilan.icu. 3600 IN A 54.39.39.142 ns2.sobilan.icu. 3600 IN A 54.39.39.140 ======================================================================= Return-Path: <x@eei.sobilan.icu> Received: from eei.sobilan.icu (eei.sobilan.icu [54.39.39.142]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by x (Postfix) with ESMTPS id x for <x>; Sat,… Читать далее spam source and site — sobilan.icu
Phishing payload against DPD
$ host dpd.uki3o.info dpd.uki3o.info has address 66.29.141.228 SMS content: «DPD: Sorry we’ve missed you, Our driver was unable to deliver your parcel. You can reschedule further delivery options by following here: dpd.uki3o.info» # whois.namecheap.com Domain name: uki3o.info Registry Domain ID: D503300001206249964-LRMS Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2021-11-01T16:31:08.00Z Registrar… Читать далее Phishing payload against DPD
Suspected Snowshoe Spam IP Range
Based on research, analysis of network data, our ‘snowshoe’ spam detection systems, intelligence sources and our experience, Spamhaus believes that this IP address range is being used or is about to be used for the purpose of high volume ‘snowshoe’ spam emission. As a precaution therefore we are listing this IP range in an SBL… Читать далее Suspected Snowshoe Spam IP Range
Phishing origination against Danske Bank (Nordic banking group)
Return-Path: <cpnsultation@rore.com> Received: from rore.com (170-187-146-83.ip.linodeusercontent.com [170.187.146.83]) by x (Postfix) with ESMTPS id x for <x>; Mon, 15 Nov 2021 ##:##:## +0100 (CET) Received: from rore.com (rore) by rore.com with bizsmtp id x; Wed, 30 Jui 2021 ##:##:## +0100 Date: Mon, 15 Nov 2021 ##:##:## +0000 To: x From: Danske Bank <cpnsultation@rore.com> Reply-To: cpnsultation@rore.com Subject:… Читать далее Phishing origination against Danske Bank (Nordic banking group)
spam emitter @74.207.242.95
Received: from lawsonproducts.com (74.207.242.95) Date: Sun, 14 Nov 2021 12:0x:xx +0100 From: «Sams Club» <admin@[].sheterclub.com> Subject: [], Important message for you.
spam emitter @45.79.216.245
Received: from calasu.com (45.79.216.245) From: Silvercrest<reply@lidl.ru!>;<service@stayfriends.de> Subject: Alles was du brauchst an einem Ort Date: Sun, 14 Nov 2021 17:0x:xx +0000 https://algatv.com/rd/[] 172.67.184.127 https://laudypauty.com/[] 193.227.129.166 302 https://alldigitalproduct.com/r/[] 77.81.121.73 https://palusil.com/sf/tpl19/?logo=lidl&item=6U1C&sub1=[]&sub2=6JQW&sub3=473674 104.21.67.80
Spamvertised website
Received: from cz2361.merrell.pl (20.70.96.239) From: Fidelity Life Insurance<[]> Subject: $𝟐𝟓𝟎,𝟎𝟎𝟎 𝐜𝐨𝐯𝐞𝐫𝐚𝐠𝐞 𝐚𝐬 𝐥𝐨𝐰 𝐚𝐬 $𝟏𝟓/𝐦𝐨𝐧𝐭𝐡 𝐲𝐨𝐮 𝐜𝐨𝐮𝐥𝐝 𝐡𝐞𝐥𝐩 𝐩𝐫𝐨𝐭𝐞𝐜𝐭 𝐲𝐨𝐮𝐫 𝐟𝐚𝐦𝐢𝐥𝐲 Date: Mon, 15 Nov 2021 02:5x:xx +0000 http://23.11.133.34.bc.googleusercontent.com/t?encv=2&v=[] 34.133.11.23 https://loreofthrust.com/[] 102.129.133.11 https://threedegre.com/?E=[]&s1=350020&s5=[] 35.167.196.106 https://liferateins.com/?E=[]&s1=350020&s5=[]&ckmguid=[] 34.216.254.239 https://www.fidelitylifeinsurance.com/?o=fx1&c1=350020&c2=&c3=&c4=585&c5=[]&clickid=[] 40.84.159.58
Loki botnet controller @172.67.169.38
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 172.67.169.38 on port 80 (using HTTP POST): hXXp://utensilsprod.xyz/five/fre.php $ dig +short utensilsprod.xyz 172.67.169.38 Referencing malware binaries (MD5 hash): 5ce9bc025711280fa8e91f12fa39e5ec — AV detection:… Читать далее Loki botnet controller @172.67.169.38
Spammer hosting @104.21.72.151
German pill spam gang hosted here: $ dig +short doktor-rezeptfrei.at 104.21.72.151 172.67.186.68
Spammer hosting @172.67.186.68
German pill spam gang hosted here: $ dig +short doktor-rezeptfrei.at 104.21.72.151 172.67.186.68