German pill spam gang hosted here: $ dig +short www.apotheke-potenz.de 172.67.207.116 104.21.50.164
Spammer hosting @104.21.50.164
German pill spam gang hosted here: $ dig +short www.apotheke-potenz.de 172.67.207.116 104.21.50.164
Assorted phish landing sites.
Was SBL536276 47.89.252.64/32 Was SBL536138 47.251.44.214/32 Was SBL536089 47.251.12.133/32 Was SBL536014 47.254.184.139/32 finportalspkdeutschland.com has address 45.8.124.239 spkidservice.com has address 45.8.124.239 spk-portal.com has address 45.8.124.239 kontoabgleichterminal.com has address 45.8.124.239 giro-home-spkupdate.com has address 45.8.124.239 finportal-spk-home.com has address 45.8.124.239 spk-datenmanager.com has address 45.8.124.239 systemlog-spk.com has address 45.8.124.239 girofilialinfo-spk.com has address 45.8.124.239 live-spk-home.com has address 45.8.124.239 endverbraucherspk.com has address… Читать далее Assorted phish landing sites.
spam emitters
Received: from s6.megojom.ru (megojom.ru [185.186.2.142]) Date: Sun, 14 Nov 2021 15:0x:xx +0000 From: Aleksandr <info@s6.megojom.ru> Subject: Предложение 185.186.2.138 eseneno.ru 185.186.2.139 yeremont.ru 185.186.2.140 uwentos.ru 185.186.2.141 dsergom.ru 185.186.2.142 megojom.ru
Techcon HK
This IP address is being used to connect to the Liquidweb-owned IP address that sends spam for Techcon HK, a seller of computers and tech equipment in Hong Kong. The seller has many previous SBL listings for spam extending back for many years. Linode: Please deal with your spamming customer. Received: from host.justnameserver.net (host.justnameserver.net [67.225.208.62])… Читать далее Techcon HK
advance fee fraud spam source
VPS rented by scammer. Forged headers. 100.202.209.134.in-addr.arpa. 1792 IN PTR bizcloud-server.uni.edu. ================================================================================= Received: from bizcloud-server.uni.edu (HELO bizcloud-server.uni.edu) (134.209.202.100) by x (x) with ESMTP; Sun, 14 Nov 2021 xx:xx:xx +0000 Received: from teesvalley-ca.gov.uk (bizcloud-server.uni.edu [IPv6:::1]) by bizcloud-server.uni.edu (Postfix) with ESMTP id x for <x>; Sun, 14 Nov 2021 xx:xx:xx +0000 (UTC) Reply-To: successgroups10000000@gmail.com From: «Prof. Mamoru»… Читать далее advance fee fraud spam source
phishing server
hXXp://dhlexpress-parcels.ml/DHL/ 68.183.12.28|dhlexpress-parcel.ml|2021-11-14 17:40:53 68.183.12.28|dhlexpress-parcel.tk|2021-11-14 18:30:40 68.183.12.28|dhlexpress-parcels.ga|2021-11-14 17:40:46 68.183.12.28|dhlexpress-parcels.gq|2021-11-14 18:30:44 68.183.12.28|dhlexpress-parcels.ml|2021-11-14 18:20:52 68.183.12.28|dhlexpress-parcels.tk|2021-11-14 17:40:46 68.183.12.28|hahowa.cf|2021-11-14 16:47:51
Auth abuse.
After several hours of trying the same ID over and over again, maybe he will go away. 500 attempts later…
spam emitter @192.46.209.226
Received: from siremlincoln11.onmicrosoft.com (192.46.209.226) Date: Sun, 14 Nov 2021 00:4x:xx +0100 From: ғʟᴀʙʙʏ ᴀʀᴍs <[]@[].nauticaposto.com> Subject: 𝙅𝙖𝙥𝙖𝙣𝙚𝙨𝙚 “𝙘𝙖𝙧𝙗 𝙩𝙧𝙞𝙘𝙠” 𝙗𝙪𝙧𝙣𝙨 2 𝙡𝙗𝙨 𝙤𝙛 𝙗𝙚𝙡𝙡𝙮 𝙛𝙖𝙩 http://jtv0xy-tikyljjoufxm.memoriesfoor.site/cl/14617_md/[] 143.198.38.141 https://chebacheb.com/?E=[]&s1=374&s2=14617_2&s3=[] 54.219.169.71 https://drehpehsnamreg.com/?E=[]&s1=374&s2=14617_2&s3=[]&ckmguid=[] 54.153.15.35 https://www.ep20trk.com/C9JN8J/2CTPL/?uid=36&sub1=5301&sub2=[]&sub3=374 34.120.202.146 https://glucafix.us/vidgfx/index.php?aff_id=1151&subid2=[]&subid=227&subid3=5301 104.21.92.251
spam emitter @172.104.206.43
Received: from yyutremlincoln16.onmicrosoft.com (172.104.206.43) Date: Sat, 13 Nov 2021 22:5x:xx +0100 From: ᴍᴜᴀᴍᴀ ʀʏᴏᴋᴏ <[]@[].nauticaposto.com> Subject: 𝙂𝙚𝙩 𝙒𝙞𝙁𝙞, 𝙖𝙣𝙮𝙬𝙝𝙚𝙧𝙚, 𝙖𝙣𝙮𝙩𝙞𝙢𝙚! http://xs2zkb-mayfcexvusjf.memoriesfoor.site/cl/14597_md/[] 143.198.38.141 https://chebacheb.com/?E=[]&s1=374&s2=14597_2&s3=[] 54.219.169.71 https://enadtaerg.com/?E=[]&s1=374&s2=14597_2&s3=[]&[] 13.52.80.238 https://ryokorouter.com/articles/everyone-going-crazy/?l=en&c=usd&vndr=evf&evf=1&uid=326&offid=5&affiliate_id=16&shaff=0&subid=5301&subid2=[]6&subid3=374 104.21.66.252