blog — Страница 215

Phishing payload against OP Financial Group (Finland)

$ host op-paasy.work op-paasy.work has address 172.67.199.154 op-paasy.work has address 104.21.36.209 op-paasy.work has IPv6 address 2606:4700:3035::ac43:c79a op-paasy.work has IPv6 address 2606:4700:3033::6815:24d1

spam emitters

Received: from s5.megojom.ru (megojom.ru [77.244.217.2]) Date: Tue, 26 Oct 2021 06:0x:xx +0000 From: Aleksandr <info@s5.megojom.ru> Subject: Предложение 77.244.217.2 megojom.ru 77.244.217.3 tefalongo.ru 77.244.217.4 raferenco.ru 77.244.217.5 grehemon.ru

phishing sites

usainternalrevenueservice.com has address 162.213.251.20 Internal Revenue Service | An official website of the United States government

GCleaner botnet controller @65.21.114.241

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. GCleaner botnet controller located at 65.21.114.241 on port 80 (using HTTP GET): hXXp://gcl-gb.biz/check.php $ telnet 65.21.114.241 443 Trying 65.21.114.241… Connected to 65.21.114.241. Escape character is ‘^]’ gcl-gb.biz.… Читать далее GCleaner botnet controller @65.21.114.241

Malware distribution @51.89.115.113

The host at this IP address is currently being used to distribute malware. Malware distribution located here: hXXp://51.89.115.113/44494.6379203704.dat $ nslookup 51.89.115.113 ip113.ip-51-89-115.eu

RedLineStealer botnet controller @3.17.66.208

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 3.17.66.208 on port 50383 TCP: $ telnet 3.17.66.208 50383 Trying 3.17.66.208… Connected to 3.17.66.208. Escape character… Читать далее RedLineStealer botnet controller @3.17.66.208

spam emitter @195.154.32.132

Received: from saepezrezo.urlweb.xyz ([195.154.32.132]) From: Jobs from Home <[]> Date: 10-24-2021 (EDT) Subject: $1,000+ 𝙥𝙚𝙧 𝙬𝙚𝙚𝙠 𝙛𝙧𝙤𝙢 𝙝𝙤𝙢𝙚 https://t.co/IZc9t0slWD http://trk.vmptoday.com/aff_c?offer_id=1967&aff_id=559 18.202.12.61 https://pionsures-poludes.com/[]?utm_tracking_id=922&utm_partner_name=vertigo&affiliate_id=559&utm_source=vertigo&utm_medium=publisher&externalid=[] 18.192.108.151 https://my10hourworkweek.com/us/?utm_tracking_id=922&utm_partner_name=vertigo&utm_source=vertigo&utm_medium=publisher&affiliate_id=559&first_id=&externalid=[]&clickid=[] 167.71.1.108

Spamvertised website

spam emitter @146.59.233.57

Received: from popskateshop.com (vps-1e8d6f7a.vps.ovh.net. [146.59.233.57]) by mx.google.com with ESMTPS id t5si20269015wrg.356.2021.10.24.02.28.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 24 Oct 2021 02:2x:xx -0700 (PDT) Received: from [212.193.30.146] (unknown [212.193.30.146]) by popskateshop.com (Postfix) with ESMTP id []; Sun, 24 Oct 2021 09:2x:xx +0000 (UTC) Subject: Donation From: » Azim Premji Foundation» <comercital2@nerim.net> Date: Sun, 24 Oct 2021 02:2x:xx -0700… Читать далее spam emitter @146.59.233.57