*** 4th listing due to the same cause! *** The host at this IP address is being (ab)used to «listbomb» email addresses: From: aidsmap bulletins <bulletins@bulletins.aidsmap.com> Subject: aidsmap news: Long COVID more common in people with HIV, Monday 7 March 2022 Problem description ============================ Spammers signed up for the bulk email service using the victim’s… Читать далее Abused / misconfigured newsletter service (listbombing) [4th listing]
Spam source @195.201.145.88
Received: from web.activeinteractive.nl (web.activeinteractive.nl [195.201.145.88]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client did not present a certificate) by X (Postfix) with ESMTPS id X for <X>; Mon, 7 Mar 2022 X Received: by web.activeinteractive.nl (Postfix, from userid 1010) id X; Mon, 7 Mar 2022 X To: X Subject: Opgave PloegerRangFestival Date: Mon, 7 Mar… Читать далее Spam source @195.201.145.88
Cybercrime sites
luxchecker.pm. 600 IN A 45.11.26.85 luxchecker.pw. 600 IN A 45.11.26.85 _______________________________ Was: luxchecker.pm. 600 IN A 194.36.178.116 luxchecker.pw. 600 IN A 194.36.178.116 _______________________________ Was: luxchecker.pm. 600 IN A 185.244.181.16 luxchecker.pw. 600 IN A 185.244.181.16 _______________________________ Was: luxchecker.pm. 600 IN A 80.66.64.199 luxchecker.pw. 600 IN A 80.66.64.199 _______________________________ Was: 94.142.140.254 luxchecker.pm 2022-03-01 23:13:51 94.142.140.254 luxchecker.pw 2022-03-01… Читать далее Cybercrime sites
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to «listbomb» email addresses: From: Voermans Mia <s.zingaro@studenti.poliba.it> Subject: I want good sex. Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages and bulk email campaigns. Problem resolution… Читать далее Abused / misconfigured newsletter service (listbombing)
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to «listbomb» email addresses: From: The Liane <mjohnson@alumni.ecu.edu> Subject: Liane wants hard sex with a man. Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages and bulk email… Читать далее Abused / misconfigured newsletter service (listbombing)
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to «listbomb» email addresses: From: Michaela Finger <reynaldisya@365.telkomuniversity.ac.id> Subject: Relationships are more often saved not by iron nerves, but by rubber patience. Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed»… Читать далее Abused / misconfigured newsletter service (listbombing)
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to «listbomb» email addresses: From: Preuss Amanda <jorge.florestr@correoaiep.cl> Subject: Lustful Amanda longs to see you. Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages and bulk email campaigns.… Читать далее Abused / misconfigured newsletter service (listbombing)
Loki botnet controller @80.66.64.206
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 45.8.124.154 on port 80 (using HTTP POST): hXXp://hstfurnaces.net/gd4/fre.php hstfurnaces.net. 600 IN A 45.8.124.154 Referencing malware binaries (MD5 hash): 0d5b6c1f4ae4856fb7e00acd033c7938 — AV detection:… Читать далее Loki botnet controller @80.66.64.206
spam emitters
Received: from s9.goronet.ru (193.168.48.68 [193.168.48.68]) Date: Sun, 6 Mar 2022 13:1x:xx +0000 From: Aleksandr <info@s9.goronet.ru> Subject: Предложение 193.168.48.32 goronet.ru 193.168.48.42 goronet.ru 193.168.48.68 goronet.ru
Phish spam site @51.15.139.10
Received: from default.reselling.services (45.82.121.242 [45.82.121.242]) From: International Card Services < service-international-klant@onsnet.nu > Subject: Jaarlijkse veiligheidsvoorschrift Date: 6 Mar 2022 07:4x:xx +0100 https://s.id/actueel200 => https://pxlme.me/ll8YJ-rL => https://ecstatic-galois.45-88-108-231.plesk.page/c63/ s.id. 529 IN A 45.126.58.78 pxlme.me. 248 IN A 51.15.139.10 ecstatic-galois.45-88-108-231.plesk.page. 3600 IN A 45.88.108.231