Relay for Hello Fortune casino spam campaign via Google Storage bucket s5c4f1sd58df. Also relayed vi ...
show moreRelay for Hello Fortune casino spam campaign via Google Storage bucket s5c4f1sd58df. Also relayed via known bad actor efianalytics.com (216.244.76.116). spf=pass. Safe Browsing + Cloud Abuse reported.
show less
Relay for Hello Fortune casino spam campaign via Google Storage bucket kjhqdkjqnskjdhnqskjd. Also re ...
show moreRelay for Hello Fortune casino spam campaign via Google Storage bucket kjhqdkjqnskjdhnqskjd. Also relayed via known bad actor efianalytics.com (216.244.76.116). spf=pass. Safe Browsing + Cloud Abuse reported.
show less
Spam/phishing email sent from this IP (Hivelocity).
From: [email protected]
...
show moreSpam/phishing email sent from this IP (Hivelocity).
From: [email protected]
Subject: "Your Account-ID : 22155048"
Payload hosted on Google Storage bucket (sd6514s6589dsd) โ already taken down by Netcraft.
DKIM: permerror. SPF: pass on throwaway domain.
show less
Known originating server (efianalytics.com / Wowrack) used in multiple phishing campaigns. Confirmed ...
show moreKnown originating server (efianalytics.com / Wowrack) used in multiple phishing campaigns. Confirmed across two separate phishing emails on 21 May 2026. 88+ reports on AbuseIPDB since 2021.
show less
Phishing email sent via this IP, PTR spoofed as www.bxcb2.nyc.gov (HostingDunyam). Impersonating Clo ...
show morePhishing email sent via this IP, PTR spoofed as www.bxcb2.nyc.gov (HostingDunyam). Impersonating Cloud Storage service, urging victims to update payment details. Payload hosted on Google Storage bucket.
show less
Phishing email relayed via this IP (chubaix.org / Hivelocity). Part of an Ozempic/GLP-1 phishing cam ...
show morePhishing email relayed via this IP (chubaix.org / Hivelocity). Part of an Ozempic/GLP-1 phishing campaign using a Google Storage bucket as payload host.
show less
Phishing relay used to impersonate Punktum.dk (Danish domain
registry). Cyrillic homoglyph attack ...
show morePhishing relay used to impersonate Punktum.dk (Danish domain
registry). Cyrillic homoglyph attack targeting Danish domain
holders. Phishing page: https://omarbendouhasteamwo1ebb8
.myclickfunnels.com/accountis--ac97f
Reports filed with AWS abuse, Google Safe Browsing,
Spamhaus, Netcraft and ClickFunnels.
show less
Phishing relay used to impersonate Punktum.dk (Danish domain
registry). Cyrillic homoglyph attack ...
show morePhishing relay used to impersonate Punktum.dk (Danish domain
registry). Cyrillic homoglyph attack targeting Danish domain
holders. Phishing page: https://omarbendouhasteamwo1ebb8
.myclickfunnels.com/accountis--ac97f
Reports filed with AWS abuse, Google Safe Browsing,
Spamhaus, Netcraft and ClickFunnels.
show less
Phishing email received May 15, 2026 at 14:49 UTC via port 25 (SMTP).
IP used as sending infrastruc ...
show morePhishing email received May 15, 2026 at 14:49 UTC via port 25 (SMTP).
IP used as sending infrastructure for a phishing campaign impersonating
Garmin (free Dash Cam giveaway). Sending infrastructure belongs to
HostingDunyam (AS212219, Turkey) โ known bulletproof hoster that ignores
all abuse reports despite 10+ direct notifications.
Same fingerprint as multiple previous campaigns: efianalytics.com
(216.244.76.116) as originating server, phishing page hosted in
Google Cloud Storage bucket "lastkljferofg".
Spoofed .gov PTR record (www.bxcb2.nyc.gov) used to appear legitimate.
Reports filed: SpamCop, Spamhaus, Google Safe Browsing, Google Cloud
Storage abuse, USOM, Turkish Embassy The Hague.
show less
Phishing email received May 16, 2026 at 14:30 UTC via port 25 (SMTP).
IP used as sending infrastruc ...
show morePhishing email received May 16, 2026 at 14:30 UTC via port 25 (SMTP).
IP used as sending infrastructure for a phishing campaign impersonating
AAA (American Automobile Association). Sending infrastructure belongs
to HostingDunyam (AS212219, Turkey) โ known bulletproof hoster that
ignores all abuse reports despite 10+ direct notifications.
Same fingerprint as multiple previous campaigns: efianalytics.com
(216.244.76.116) as originating server, phishing page hosted in
Google Cloud Storage bucket "lastkljferofg".
Spoofed .gov PTR record (www.bxcb2.nyc.gov) used to appear legitimate.
Reports filed: SpamCop, Spamhaus, Google Safe Browsing, Google Cloud
Storage abuse, USOM, Turkish Embassy The Hague.
show less
Phishing email received May 15, 2026 at 08:21 UTC via port 25 (SMTP).
IP used as sending infrastru ...
show morePhishing email received May 15, 2026 at 08:21 UTC via port 25 (SMTP).
IP used as sending infrastructure for a phishing campaign impersonating
a cloud storage service, threatening account closure within 48 hours to
trick victims into clicking a fake payment link. Phishing page hosted in
Google Cloud Storage bucket "vcxbiuouioui".
Reports filed: SpamCop, Spamhaus, Google Safe Browsing, Google Cloud
Storage abuse, GigeNET abuse.
show less
Phishing email received May 14, 2026 at 14:56 UTC via port 25 (SMTP).
Sending infrastructure belon ...
show morePhishing email received May 14, 2026 at 14:56 UTC via port 25 (SMTP).
Sending infrastructure belongs to HostingDunyam (Turkey), a known
bulletproof hoster that ignores all abuse reports. Same fingerprint
as multiple previous campaigns: efianalytics.com (216.244.76.116)
as originating server, phishing page hosted in Google Cloud Storage
bucket "lastkljferofg". Impersonating Costco / YETI. This is part
of an ongoing campaign with multiple brands targeted today alone.
Reports filed: SpamCop, Spamhaus, Google Safe Browsing, Google Cloud
Storage abuse, Wowrack (ticket WOWABUSE-6518).
show less
Phishing email received May 15, 2026 at 22:29 UTC via port 25 (SMTP).
Sending infrastructure belon ...
show morePhishing email received May 15, 2026 at 22:29 UTC via port 25 (SMTP).
Sending infrastructure belongs to HostingDunyam (Turkey), a known bulletproof
hoster that ignores all abuse reports. Same fingerprint as multiple previous
campaigns: efianalytics.com (216.244.76.116) as originating server, phishing
page hosted in Google Cloud Storage bucket "lastkljferofg". Impersonating AAA
(American Automobile Association). Reports filed: SpamCop, Spamhaus, Google
Safe Browsing, Google Cloud Storage abuse.
show less
PhishingEmail SpamSpoofing
By clicking โAccept allโ, you agree to the storing of cookies on your device to remember preferences and
analyze site usage.
Read more
- Required to log into your AbuseIPDB account, and store these cookie preferences.