BuyVM is a huge sponsor of email spam and malware
May 28, 2023 at 11:30 pm #5735 Thomas (Guest)
BuyVM has one of the worst IP address reputations in the world. It has been like that for many years; Francisco LOVES spammers.
https://www.abuseipdb.com/check/104.244.74.55
https://www.abuseipdb.com/check/104.244.73.205
“This IP was reported 2,486 times”
Hostname(s) LuxembourgTor5.lu
Luxembourg, Luxembourg
May 28, 2023 at 11:31 pm #5736 Ashley (Guest)
Francisco pretends like he’s not aware when he gets called out on LET threads but he’s 100% aware of what’s going on with his IP ranges, there’s a good chance if you’re reading this you have received spam in the past from BuyVM servers
May 28, 2023 at 11:32 pm #5737
May 28, 2023 at 11:33 pm #5738 Linda (Guest)
but…but our team was too small to take action bro!!
May 28, 2023 at 11:34 pm #5739 Ashley (Guest)
https://lowendspirit.com/discussion/3007/medication-spam-hosted-by-buyvm
Received: from doktor5.dokpotenz.eu (doktor5.dokpotenz.eu [107.189.5.155])
Received: from smtp2.doktorapotheke.nl (smtp2.doktorapotheke.nl [205.185.119.171])
Received: from mta4.blmserver.de (mta4.blmserver.de [209.141.51.44])
Received: from zentrale5.mercedesnewsletter.de (zentrale5.mercedesnewsletter.de [104.244.78.216])
Received: from mail4.doktorpillen.de (mail4.doktorpillen.de [209.141.46.118])
Received: from mta3.blacklivesmatterapotheker.de (mta3.blacklivesmatterapotheker.de [198.98.53.241])
Received: from mail2.shariahserver.de (mail2.shariahserver.de [205.185.117.37])
Received: from mta8.apotheke-rezeptfrei.ch (mta8.apotheke-rezeptfrei.ch [205.185.118.175])
Received: from schutz3.ultramailversand.de (schutz3.ultramailversand.de [107.189.30.111])
Received: from zentrale3.mercedesnewsletter.de (zentrale3.mercedesnewsletter.de [104.244.77.94])
Received: from mail10.tankstellenapotheker.de (mail10.tankstellenapotheker.de [198.98.57.149])
Received: from mail0.groznyserver.de (mail0.groznyserver.de [107.189.31.247])
All advertising same products, fake medication related to ‘kunden24.com’ which is known for fake medication spam since 2012.
I wonder why AS53667, who surely knows about the issue, does not act.
May 28, 2023 at 11:36 pm #5740 Matthew (Guest)
blacklivesmatterapotheker.de
🤔🤔🤔🤔
May 28, 2023 at 11:39 pm #5742 Andrew (Guest)
so this is why Francisco is trying to turn LET users against SlickStack lmfaoooo
May 28, 2023 at 11:41 pm #5743 Jessica (Guest)
https://krebsonsecurity.com/2021/11/tech-ceo-pleads-to-wire-fraud-in-ip-address-scheme/
White Hat Team
November 25, 2021
“….And above all we must not forget the hosts selling armored vps like frantech.ca buyvm.net which are used a lot by pedophile forums, zoophiles, phishing sites, botnets and etc … are they all accomplices or not? me on what I could see on their servers I said to myself that it might be time to step up and investigate them!”
thots?
May 28, 2023 at 11:45 pm #5744 Patricia (Guest)
apparently there’s a dark side of Lowendtalk I wasn’t aware of, how many of those f*****s are involved with illegal and unethical s**t???
May 28, 2023 at 11:55 pm #5745 Sean (Guest)
Remember this:
In early April, the researchers at Bromium Labs published their findings in detail. Accordingly, the hacker group began its actions in May 2018. In March 2019 it was all over again. During that period, five groups of banking Trojans, two groups of ransomware, and three different forms of malware were used to distribute bulk scam emails on behalf of other criminals via 11 different web servers owned by the Nevada hosting company BuyVM. There is no evidence that the servers were ever used for legitimate purposes, according to Bromium Labs, only to host and distribute malware. BuyVM is known in the US for its cheap web hosting plans. About 53,000 IP addresses are currently registered via BuyVM.
May 29, 2023 at 9:42 am #5751 Catherine (Guest)
A lot is because BuyVM allows TOR exit nodes
May 29, 2023 at 9:43 am #5752 Lauren (Guest)
https://cleantalk.org/blacklists/209.141.42.126
209.141.42.126 reported as spam and brute force attacks
92 websites attacked, discovered Mar 24, 2023
209.141.42.207 (torexit.buyvm.net)
May 29, 2023 at 9:48 am #5754 Joseph (Guest)
PONYNET aka BuyVM is a bottomless pit
https://otx.alienvault.com/pulse/5f836f8af633f9b40822acf7
https://www.virustotal.com/gui/ip-address/198.251.80.214/relations
May 29, 2023 at 9:51 am #5755 Walter (Guest)
English article about that Bromium report from a few years ago mapping out the many malware networks that BuyVM was supporting
Mapping Out a Malware Distribution Network
— More than a dozen US-based web servers were used to host 10 malware families, distributed through mass phishing campaigns.
— Malware families include Dridex, GandCrab, Neutrino, IcedID and others.
— Evidence suggests the existence of distinct threat actors: one responsible for email and malware hosting, and others that operate the malware.
— Indications that the servers are part of Necurs botnet malware-hosting infrastructure.
June 7, 2023 at 5:45 pm #5950 Betty (Guest)
a lot of people have known this for years.
June 7, 2023 at 5:46 pm #5951 Marilyn (Guest)
I like how Jarland goes around LET trashing providers who are “known spammers” but never has anything bad to say about BuyVM. Why is that I wonder? (seriously, I am wondering why. I want to know)
June 7, 2023 at 5:47 pm #5952 Eugene (Guest)
https://scamalytics.com/ip/isp/frantech-solutions
more wows.
We consider FranTech Solutions to be a potentially medium fraud risk ISP, by which we mean that web traffic from this ISP potentially poses a medium risk of being fraudulent. Other types of traffic may pose a different risk or no risk. They operate 67,797 IP addresses, almost all of which are running anonymizing VPNs, public proxies, servers, and Tor exit nodes.
July 1, 2023 at 8:13 pm #6441 Dylan (Guest)
Fran has said many times he doesn’t allow spammers even in TOS
https://buyvm.net/acceptable-use-policy/
1,3,3 – Knowingly permitting or hosting Malicious Content is grounds for immediate termination, and a permanent ban from any future service.
July 1, 2023 at 8:14 pm #6442 Brandon (Guest)
And yet somehow, half his customers are spammers? @Dylan
Seems to be bullshit AUP to pretend he has standards, or to selectively ban customers who he has other beef with perhaps
July 1, 2023 at 8:17 pm #6443 Christian (Guest)
In this malware study, Frantech and ColoCrossing took longer to remove dozens of reported malware websites from their servers than any other providers besides Chinese ones. Even the Russians responded faster than both of them…
July 1, 2023 at 8:23 pm #6444 Ruth (Guest)
nuts.
July 2, 2023 at 7:11 am #6455 Amanda (Guest)
begs the question, how close is ColoCrossing with Francisco 👀
May 20, 2024 at 10:06 pm #24981 Jeffrey (Guest)
Does anyone know where Francisco lives?
June 2, 2024 at 9:58 pm #25138 Anthony (Guest)