Loki botnet controller @172.67.219.104
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Loki botnet controller located at 172.67.219.104 on port 80 (using HTTP POST):
hXXp://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php

$ dig +short 74f26d34ffff049368a6cff8812f86ee.gq
172.67.219.104

Referencing malware binaries (MD5 hash):
5e11788d890d97045cd8d830b25527f6 — AV detection:…
Author: blog
spamming spamtraps
Not sure how they got the email address here but this is just spam.

Received: from mail02.enterprise.spectrum.com ([142.0.163.64])
From: "Spectrum Enterprise" <info@mktg.enterprise.spectrum.com>
Date: 21 Oct 2021 13:XX:XX -0400
Subject: Work is changing in NYC. Get 6 months on us to adapt

Limited time offer; subject to change. Get first 6 months free for qualifying services…
DCRat botnet controller @185.146.157.136
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

DCRat botnet controller located at 185.146.157.136 on port 80 (using HTTP GET):
hXXp://185.146.157.136/providerLinepythonflowercentral.php

$ nslookup 185.146.157.136
d6war2mlcomazix3.fvds.ru

Referencing malware binaries (MD5 hash):
7ec2862219365f2f7401a770e0bfc03a — AV detection: 4…
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to "listbomb" email addresses:

From: aidsmap bulletins <bulletins@bulletins.aidsmap.com>
Subject: Coming soon: news from the 18th European AIDS Conference

Problem description
============================
Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being "listbombed" with transactional messages and…
Snowshoe spam range
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=dkim; d=.*; h=Message-ID:Date:Subject:From:Reply-To:To:MIME-Version:Content-Type: List-Unsubscribe; i=.*@.*; bh=.*=; b=.* .* .*=
Message-ID: .*
Date: .*
Subject: Here is your updates disability insurance.
From: Manirul Hoque <.*@.*>
Reply-To: cashsickpay@gmail.com
To: .*
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="_=_swift_163432.*_.*_=_"
X-EMAIL-ID: .*
List-Unsubscribe: <http://.*a.*in.*d.*s.*.co.*/email/unsubscribe/6169c.*2.*>

--_=_swift_163432.*_.*_=_
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hello, I hope you’re doing well. My name…