
SlickStack
Lightning-fast WordPress on Nginx

BuyVM is a huge sponsor of email spam and malware

  • #5735 Reply
    Thomas
    Guest

    BuyVM has one of the worst reputations of IP addresses in the world. It has been like that for many years, Francisco LOVES spammers

    https://www.abuseipdb.com/check/104.244.74.55

    https://www.abuseipdb.com/check/104.244.73.205

    “This IP was reported 2,486 times”

    Hostname(s) LuxembourgTor5.lu
    Luxembourg, Luxembourg

    #5736 Reply
    Ashley
    Guest

    Francisco pretends like he’s not aware when he gets called out on LET threads, but he’s 100% aware of what’s going on with his IP ranges. There’s a good chance that if you’re reading this, you have received spam in the past from BuyVM servers

    #5737 Reply
    Mason
    Guest
    #5738 Reply
    Linda
    Guest

    but…but our team was too small to take action bro!!

    #5739 Reply
    Ashley
    Guest

    https://lowendspirit.com/discussion/3007/medication-spam-hosted-by-buyvm

    Received: from doktor5.dokpotenz.eu (doktor5.dokpotenz.eu [107.189.5.155])
    Received: from smtp2.doktorapotheke.nl (smtp2.doktorapotheke.nl [205.185.119.171])
    Received: from mta4.blmserver.de (mta4.blmserver.de [209.141.51.44])
    Received: from zentrale5.mercedesnewsletter.de (zentrale5.mercedesnewsletter.de [104.244.78.216])
    Received: from mail4.doktorpillen.de (mail4.doktorpillen.de [209.141.46.118])
    Received: from mta3.blacklivesmatterapotheker.de (mta3.blacklivesmatterapotheker.de [198.98.53.241])
    Received: from mail2.shariahserver.de (mail2.shariahserver.de [205.185.117.37])
    Received: from mta8.apotheke-rezeptfrei.ch (mta8.apotheke-rezeptfrei.ch [205.185.118.175])
    Received: from schutz3.ultramailversand.de (schutz3.ultramailversand.de [107.189.30.111])
    Received: from zentrale3.mercedesnewsletter.de (zentrale3.mercedesnewsletter.de [104.244.77.94])
    Received: from mail10.tankstellenapotheker.de (mail10.tankstellenapotheker.de [198.98.57.149])
    Received: from mail0.groznyserver.de (mail0.groznyserver.de [107.189.31.247])

    All advertising the same products, fake medication related to ‘kunden24.com’, which has been known for fake medication spam since 2012.

    I wonder why AS53667, who surely knows about the issue, does not act.

    #5740 Reply
    Matthew
    Guest

    blacklivesmatterapotheker.de

    🤔🤔🤔🤔

    #5742 Reply
    Andrew
    Guest

    so this is why Francisco is trying to turn LET users against SlickStack lmfaoooo

    #5743 Reply
    Jessica
    Guest

    https://krebsonsecurity.com/2021/11/tech-ceo-pleads-to-wire-fraud-in-ip-address-scheme/

    White Hat Team
    November 25, 2021

    “….And above all we must not forget the hosts selling armored vps like frantech.ca buyvm.net which are used a lot by p*******e forums, zoophiles, phishing sites, botnets and etc … are they all accomplices or not? me on what I could see on their servers I said to myself that it might be time to step up and investigate them!”

    thots?

    #5744 Reply
    Patricia
    Guest

    apparently there’s a dark side of Lowendtalk I wasn’t aware of, how many of those f*****s are involved with illegal and unethical s**t???

    #5745 Reply
    Sean
    Guest

    Remember this:

    https://www.itexperst.at/it-betruegereien-verwenden-als-schaltzentrale-haeufig-us-datenzentren-12622.html

    In early April, the researchers at Bromium Labs published their findings in detail. Accordingly, the hacker group began its actions in May 2018. In March 2019 it was all over again. During that period, five groups of banking Trojans, two groups of ransomware, and three different forms of malware were used to distribute bulk scam emails on behalf of other criminals via 11 different web servers owned by the Nevada hosting company BuyVM. There is no evidence that the servers were ever used for legitimate purposes, according to Bromium Labs, only to host and distribute malware. BuyVM is known in the US for its cheap web hosting plans. About 53,000 IP addresses are currently registered via BuyVM.

    #5751 Reply
    Catherine
    Guest

    A lot is because BuyVM allows TOR exit nodes

    #5752 Reply
    Lauren
    Guest

    https://cleantalk.org/blacklists/209.141.42.126

    209.141.42.126 reported as spam and brute force attacks
    92 websites attacked, discovered Mar 24, 2023

    209.141.42.207(torexit.buyvm.net)

    #5754 Reply
    Joseph
    Guest
    #5755 Reply
    Walter
    Guest

    Mapping Out a Malware Distribution Network

    English article about that Bromium report from a few years ago mapping out the many malware networks that BuyVM was supporting


    — More than a dozen US-based web servers were used to host 10 malware families, distributed through mass phishing campaigns.

    — Malware families include Dridex, GandCrab, Neutrino, IcedID and others.

    — Evidence suggests the existence of distinct threat actors: one responsible for email and malware hosting, and others that operate the malware.

    — Indications that the servers are part of Necurs botnet malware-hosting infrastructure.

    #5950 Reply
    Betty
    Guest

    a lot of people have known this for years.

    #5951 Reply
    Marilyn
    Guest

    I like how Jarland goes around LET trashing providers who are “known spammers” but never has anything bad to say about BuyVM. Why is that I wonder? (seriously, I am wondering why. I want to know)

    #5952 Reply
    Eugene
    Guest

    https://scamalytics.com/ip/isp/frantech-solutions

    more wows.

    We consider FranTech Solutions to be a potentially medium fraud risk ISP, by which we mean that web traffic from this ISP potentially poses a medium risk of being fraudulent. Other types of traffic may pose a different risk or no risk. They operate 67,797 IP addresses, almost all of which are running anonymizing VPNs, public proxies, servers, and Tor exit nodes.

    #6441 Reply
    Dylan
    Guest

    Fran has said many times he doesn’t allow spammers even in TOS

    https://buyvm.net/acceptable-use-policy/

    1,3,3 – Knowingly permitting or hosting Malicious Content is grounds for immediate termination, and a permanent ban from any future service.

    #6442 Reply
    Brandon
    Guest

    And yet somehow, half his customers are spammers? @Dylan

    Seems to be bullshit AUP to pretend he has standards, or to selectively ban customers who he has other beef with perhaps

    #6443 Reply
    Christian
    Guest

    https://www.bleepingcomputer.com/news/security/265-researchers-take-down-100-000-malware-distribution-websites/

    In this malware study, Frantech and ColoCrossing took longer to remove dozens of reported malware websites from their servers than any other providers besides Chinese ones. Even the Russians responded faster than both of them…

    #6444 Reply
    Ruth
    Guest

    nuts.

    #6455 Reply
    Amanda
    Guest

    begs the question, how close is ColoCrossing with Francisco 👀
