Spammer hosting located here: https://objectstorage.us-ashburn-1.oraclecloud.com/n/idqyn1owx1ll/b/crazyglowlemon/o/1dqgqcalkdh.html -> https://w.followflow.net/index.php?id_promo=X&promokeys=X —> https://lp.crazyglow.com/c1ad419/?bid=X $ dig +short objectstorage.us-ashburn-1.oraclecloud.com objectstorage.us-ashburn-1.oci.oraclecloud.com. 134.70.28.1 134.70.24.1 134.70.32.1 Spam sample ==================================================================== Received: from presentcharity.net (presentcharity.net [185.235.128.117]) by X (Postfix) with ESMTP id X for <X>; Wed, 28 Apr 2021 X DKIM-Signature: X DomainKey-Signature: X MIME-Version: 1.0 Message-Id: <X@presentcharity.net> From: =?UTF-8?B?Q3JhenlnbG93?= <6vgXQzs@presentcharity.net> Subject: =?UTF-8?B?Q3LDqG1lIGNvbG9yYW50ZSB0ZW1wb3JhaXJlIG5hdHVyZWxsZQ==?= Reply-To: reply_to@presentcharity.net To:… Читать далее Spammer hosting @134.70.28.1

Spammer hosting located here: https://objectstorage.us-ashburn-1.oraclecloud.com/n/idqyn1owx1ll/b/njfrbizzgausse/o/1FRdqgqcalkdh.html -> https://www.hasadom2.com/X -> https://securedns.site/LtmVNo?aid=X —> https://only-promotion.com/41/mcgausse-m-med/gps/?X $ dig +short objectstorage.us-ashburn-1.oraclecloud.com objectstorage.us-ashburn-1.oci.oraclecloud.com. 134.70.28.1 134.70.32.1 134.70.24.1 Spam sample ==================================================================== Received: from presentcharity.net (presentcharity.net [91.211.250.153]) by X (Postfix) with ESMTP id X for <X>; Mon, 3 May 2021 X DKIM-Signature: X DomainKey-Signature: X MIME-Version: 1.0 Message-Id: <X@presentcharity.net> From: =?UTF-8?B?Q2VudHJlIGRlIEx1dHRlIGNvbnRyZSBsYSBEb3VsZXVy?=<NKPbwYv@presentcharity.net> Subject: =?UTF-8?B?TGEgbWVpbGxldXJlIHNvbHV0aW9uIHBvdXIgbGVzIGRvdWxldXJzIGFydGljdWxhaXJlcywgbXVzY3VsYWlyZXMgZXQgdmVydMOpYnJhbGVz?= Reply-To: reply_to@presentcharity.net… Читать далее Spammer hosting @134.70.28.1

$ host becu1-home.duckdns.org becu1-home.duckdns.org has address 129.146.41.191 «Login to BECU Online Banking «

Received: from wikihow.com (129.146.252.239 [129.146.252.239]) Date: Fri, 21 May 2021 05:0x:xx +0200 From: Bitcoin Code<droblx.com@com.1strand0m-accessdigitalstoragedevice.exposed> Subject: Why has Mark Zuckerberg invested in crypto https://storage.googleapis.com/009630314ac2a9e/offrall.html https://www.pw22trk.com/2CS482FTB/XCQZJ/?creative_id=1366&source_id=2&sub1=qwn https://tracking.track-it.pro/aff_c?offer_id=45&aff_id=1057&aff_sub=[]&aff_sub2=670473&aff_sub3=qwn&aff_sub4=&aff_sub5=Code&aff_click_id= https://the-btc-system.com/?clickID=[]&aff=Code&c=CH&tid=[]&aff_id=1057 https://codenet-systemapp.com/api/v1/auto_login?r=https://codenet-systemapp.com/ https://codenet-systemapp.com/funds www.pw22trk.com. 300 IN A 35.244.150.190 tracking.track-it.pro. 300 IN A 172.67.159.25 tracking.track-it.pro. 300 IN A 104.21.34.104 the-btc-system.com. 300 IN A 104.21.6.181 the-btc-system.com. 300 IN A 172.67.135.26 codenet-systemapp.com.… Читать далее spam emitter @129.146.252.239

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 129.151.100.167 on port 4782 TCP: $ telnet 129.151.100.167 4782 Trying 129.151.100.167… Connected to 129.151.100.167. Escape character… Читать далее QuasarRAT botnet controller @129.151.100.167

verifications-chase03b.com has address 193.122.151.199 secureboa-verification.com has address 193.122.151.199 chasesecure-app-login.com has address 193.122.151.199 chaseverify-secure-login.com has address 193.122.151.199 securechaseverify-login.com has address 193.122.151.199 royalonlinepay.com has address 193.122.151.199 verification-chaseweb.com has address 193.122.151.199 online-verification-53.com has address 193.122.151.199

Based on research, analysis of network data, our ‘snowshoe’ spam detection systems, intelligence sources and our experience, Spamhaus believes that this IP address range is being used or is about to be used for the purpose of high volume ‘snowshoe’ spam emission. As a precaution therefore we are listing this IP range in an SBL… Читать далее Suspected Snowshoe Spam IP Range

$ host secure04c-chase-client3d.com secure04c-chase-client3d.com has address 129.146.73.203

hXXp://secured-l0ginuserverifyssl.com/login/authorize/user/dashboard/login/ secured-l0ginuserverifyssl.com has address 130.61.203.19 l0gin-citizensauthreview.com has address 130.61.203.19 secured-l0ginuserverified.com has address 130.61.203.19 l0gin-securedauthverifiedssl.com has address 130.61.203.19 secured-l0ginverifyssl.com has address 130.61.203.19 secured-l0ginauthverifyinfo.com has address 130.61.203.19 l0gin-securedauthverified.com has address 130.61.203.19 l0gin-securedauthsslverify.com has address 130.61.203.19 secured-l0ginreviewuserssl.com has address 130.61.203.19

huhkumay777.com has address 132.226.117.106 secure08a-chase-explore7.com has address 132.226.117.106 adminrandi555.com has address 132.226.117.106