These and a few more NHS Covid passpost scams. 45.132.17.177 vaccinepass-id.com 45.132.17.177 covidpass-id.com
Malware botnet controller @194.87.210.74
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 194.87.210.74 on port 443 TCP: $ telnet 194.87.210.74 443 Trying 194.87.210.74… Connected to 194.87.210.74. Escape character… Читать далее Malware botnet controller @194.87.210.74
Phishing source
Return-Path: <qololujy@tfindia.com> Received: from tfindia.com ([130.61.152.28]) by [] (8.14.7/8.14.7) with ESMTP id [] for []; Fri, 5 Mar 2021 12:[]:[] -0500 Date: Sat, 6 Mar 2021 1:[]:[] +0800 From: [] <[]@tfindia.com> Message-ID: <[]@tfindia.com> To: [] Subject: Want to extend your free trial [] — NetRange: 130.61.0.0 — 130.61.255.255 CIDR: 130.61.0.0/16 NetName: OC-195 NetHandle: NET-130-61-0-0-1 Parent:… Читать далее Phishing source
Gambling spam landing site.
Having been kicked off AWS twice, they have moved here: Resolving sahlik.dns.army (sahlik.dns.army)… 150.136.20.161 Connecting to sahlik.dns.army (sahlik.dns.army)|150.136.20.161|:80… connected. HTTP request sent, awaiting response… 200 OK Length: 37 [text/html] Saving to: ‘trans.php.1’
Suspected Snowshoe Spam IP Range
Based on research, analysis of network data, our ‘snowshoe’ spam detection systems, intelligence sources and our experience, Spamhaus believes that this IP address range is being used or is about to be used for the purpose of high volume ‘snowshoe’ spam emission. As a precaution therefore we are listing this IP range in an SBL… Читать далее Suspected Snowshoe Spam IP Range
Server/account sending fraud spam
Received: from omz.shoppingexclusiv.de (unknown [129.159.126.57]) by xx; Sat, 3 Apr 2021 13:22:21 -0400 (EDT) Received: from mmt.radishbo-ya.co.jp (HELO read.izhzonetime.net) () by mx01.lytzenitmail.dk with ESMTP; 22 Mar 2021 11:22:09 +0100 Subject:godaddy virus detected (6) From:Urgent xx Date: Sat, 03 Apr 2021 16:22:31 +0200 To: <yourmom1260@jubii.dk> Reply-To: «Sainsbury’s Bank Plc» <email.reply@sainsburysbank.co.uk> MIME-Version: 1.0 X-mailer: nlserver, Build 6.7.0… Читать далее Server/account sending fraud spam
iphone scammer spam
This particular perpetrator never gives up, just changes his host. Resolving sahlik.dns.army (sahlik.dns.army)… 129.146.63.30 Connecting to sahlik.dns.army (sahlik.dns.army)|129.146.63.30|:80… connected. HTTP request sent, awaiting response… 200 OK
Spam source @129.213.77.113
The host at this IP address is emitting spam emails. Spam sample ========================================= From: staff@fotoregali.com Subject: X Sie haben die Chance, zu Hause reich zu sein (letzte Moglichkeit) =========================================
Spam source @150.136.156.209
The host at this IP address is emitting spam emails. Spam sample ========================================= From: staff@fotoregali.com Subject: X Sie haben die Chance, zu Hause reich zu sein (letzte Moglichkeit) =========================================
Gambling spam landing site.
This particular spammer is doing the rounds. again. Date: Wed, 21 Apr 2021 x +0200 From: Pokie Spins 💰 <email@e.cudo.com.au> To: x Subject: Re: Congratulations x ! You will receive up to $10000 as a welcome bonus! Click here hanfiska.dns.army has address 130.61.175.51