Received: from d218-18.smtp-out.eu-west-2.amazonses.com (23.249.218.18)
From: "Sara, Account Manager" <rajarchitects18@outlook.com>
Subject: [], balansen din har økt nylig
Date: Thu, 26 Aug 2021 10:4x:xx +0000
URL: https://yourwalletupdate.page.link/dD4S
Server IP address is 216.58.195.78
Location: https://bestclicktracker.com/6c9ac042-e205-46c8-90c4-d4783ebbd22b
Server IP address is 13.56.134.54
spam emitter @54.240.7.10
Received: from a7-10.smtp-out.eu-west-1.amazonses.com (54.240.7.10)
From: Alexander Samuelsson <samuelsson@economyrealms.com>
Subject: Emelie — Mer om vårt nästa veckas möte
Date: Sat, 28 Aug 2021 13:5x:xx +0000
AsyncRAT botnet controller @18.189.143.187
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 18.189.143.187 on port 7777 TCP:
$ telnet 18.189.143.187 7777
Trying 18.189.143.187…
Connected to 18.189.143.187.
Escape character…
abused redirector: DID.LI
Some examples, all tied to the same spammer:
https://did.li/VJHNf#cl/3036_md/[]
https://did.li/VJHNf#cl/3048_md/[]
https://did.li/VJHNf#cl/3058_md/[]
https://did.li/VJHNf#cl/3063_md/[]
https://did.li/VJHNf#cl/3077_md/[]
https://did.li/VJHNf#cl/3120_md/[]
Received: from DM5PR12CA0053.namprd12.prod.outlook.com (2603:10b6:3:103::15)
Date: Sun, 12 Sep 2021 00:10:05 +0200
From: "Mortgage Finance Options" <[]@[]>
Subject: Have home interest rates lowered? Don’t miss it!
https://did.li/VJHNf#cl/3036_md/[] 13.32.199.25
http://terrygoods.com/#cl/3036_md/[] 188.227.86.57
https://www.tiarain.com/[] 67.219.150.10
https://cdmtrk.com/?E=[]&s1=821473&s2=[] 44.230.103.57
https://www.lowermybills.com/lending/home-refinance?sourceid=[]&pkey1=108&pkey2=821473&pkey3=&sid=4&cmpid=19&crtid=6 52.40.27.155
spam emitter @54.240.4.23
Received: from a4-23.smtp-out.eu-west-1.amazonses.com (54.240.4.23)
From: Daniel Olsson <olsson@gemstld.com>
Subject: []. Gör oss en tjänst. Håll det tyst.
Date: Tue, 21 Sep 2021 04:3x:xx +0000
spam support (domains)
domain used in spam operation www.theshinemoon.com… 34.208.105.244
ESP Upland supporting B2B spammer Ascend Global Media
Received: from mta119-116.msgfocus.com (185.187.119.116) by …
From: Women in Technology <delegates@ades.ascendglobalmedia.com>
Date: Thu, 23 Sep 2021 ##:##:## +0100
This sender has had their domain name on the DBL for more than a month. Both Upland and the domain owner have contacted Spamhaus and it has been explained to both that the use of third-party mailing…
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to "listbomb" email addresses:
From: Oil and Gas Innovation Team <noreply@oginnovation.co.uk>
Subject: OGI 2022 Media Kit
Problem description
============================
Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being "listbombed" with transactional messages and bulk email…
SyedsMarketing
9/27/2021: Hetzner disconnected syeds.com.pk, which moved to hosting at Amazon.
Spamhaus policy is to list IP addresses in the SBL that belong to or are under the control of a person or business listed as a ROKSO spammer / spam operation. So this IP address is listed.
$ host syeds.com.pk
syeds.com.pk has address 34.204.5.10
syeds.com.pk…
Suspected Snowshoe Spam IP Range
Based on research, analysis of network data, our ‘snowshoe’ spam detection systems, intelligence sources and our experience, Spamhaus believes that this IP address range is being used or is about to be used for the purpose of high volume ‘snowshoe’ spam emission. As a precaution therefore we are listing this IP range in an SBL…