Malware distribution @13.107.43.12

The host at this IP address (13.107.43.12) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware:

https://mxpiqw.am.files.1drv.com/y4mDtg18tb7DDYTw-BP_WtV3wbPvPjW0256lBBVyMyuebLHkGZ0YlMvqMu765wzll9WMQtk4JSFiryJPIPYuVwmFtHwJojEPaX_Kgavqfg7Wqah59QJt6TuiziVma5hqjn2gfbONlH3PBOjwxvkV7NaTWqHG3Ko36pX_GjM_UajFjeeW2tqlUWPkQVOWmOAb5V0VrDLA3dwat0bVxfjxmm0TQ

AS number: AS8068
AS name: MICROSOFT-CORP-MSN-AS-BLOCK

Published
In category: microsoft.com

AveMariaRAT botnet controller @20.190.63.69

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 20.190.63.69 on port 8600 TCP:

$ telnet 20.190.63.69 8600
Trying 20.190.63.69…
Connected to 20.190.63.69.
Escape character…

Read more: AveMariaRAT botnet controller @20.190.63.69

Published
In category: microsoft.com

Malware botnet controller @104.41.44.79

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 104.41.44.79 on port 1912 TCP:

$ telnet 104.41.44.79 1912
Trying 104.41.44.79…
Connected to 104.41.44.79.
Escape character…

Read more: Malware botnet controller @104.41.44.79

Published
In category: microsoft.com

Abused / misconfigured newsletter service (listbombing)

The host at this IP address is being (ab)used to "listbomb" email addresses:

From: daniellorenws@outlook.com
Subject: Re: follow up.

Problem description
============================
Spammers signed up for the bulk email service using the victim's email address. As a result, the victim is being "listbombed" with transactional messages and bulk email campaigns.

Problem resolution
============================
In order…

Read more: Abused / misconfigured newsletter service (listbombing)

Published
In category: microsoft.com

Spam source @40.92.41.46

The host at this IP address is emitting spam emails.

Spam sample
=========================================
From: ratneshsinghbbn@outlook.com
Subject: Website Services…
=========================================

Published
In category: microsoft.com

Abused / misconfigured newsletter service (listbombing)

The host at this IP address is being (ab)used to "listbomb" email addresses:

From: nunezhughesrw@outlook.com
Subject: Re: Website Re:DND.!

Problem description
============================
Spammers signed up for the bulk email service using the victim's email address. As a result, the victim is being "listbombed" with transactional messages and bulk email campaigns.

Problem resolution
============================
In order…

Read more: Abused / misconfigured newsletter service (listbombing)

Published
In category: microsoft.com

Phishing server

Received: from noreply.memberupload.com ([20.70.176.145])
Subject: =?UTF-8?B?TmV0ZmxpeCBzdXNwZW5kZWQgLSBMYXN0IHJlbWluZGVyIHRvIHVwZGF0ZSB5b3VyIGluZm9ybWF0aW9u?=
Subject: Netflix suspended - Last reminder to update your information
X-PHP-Originating-Script: 0:Alexusp.php
From: =?UTF-8?B?TmV0ZmxpeA==?= <info@noreply.memberupload.com>
Reply-To: info@noreply.memberupload.com
Message-Id: <XXXXXXXX@noreply.memberupload.com>
Date: Fri, 22 Jan 2021 XXXX +0000 (UTC)

Your account is suspended
Last reminder: update your payment information
We are experiencing difficulties with your last billing invoice. you should update…

Read more: Phishing server

Published
In category: microsoft.com

Emotet malware distribution @40.83.77.49 [compromised website]

The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website:

URL: http://extremejoy.live/beptjd.php
Host: extremejoy.live
IP address: 40.83.77.49
Hostname: n/a

Published
In category: microsoft.com

Emotet malware distribution @40.83.77.49 [compromised website]

The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website:

URL: http://extremejoy.live/wp-includes/css/dist/nux/JST10x.php
Host: extremejoy.live
IP address: 40.83.77.49
Hostname: n/a

Published
In category: microsoft.com

Emotet malware distribution @191.232.38.77 [compromised website]

The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website:

URL: http://gabrieljuliano.com.br/JST10x.php
Host: gabrieljuliano.com.br
IP address: 191.232.38.77
Hostname: n/a

Published
In category: microsoft.com