Автор: blog

The host at this IP address (216.58.208.106) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware: https://firebasestorage.googleapis.com/v0/b/dksloey-dukun.appspot.com/o/Firehack.apk?alt=media&token=661aeab2-e1cf-4889-869a-930b8860a823 https://firebasestorage.googleapis.com/v0/b/website-36d25.appspot.com/o/PO_RFQ_1407000525xlsx.jar?alt=media&token=bd527770-a983-4990-b45a-d690eef9f3ab AS number: AS15169 AS name: GOOGLE Hostname: sof01s11-in-f106.1e100.net

The host at this IP address (130.211.137.50) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware: http://hmbwgroup.com/wp-includes/js/tinymce/themes/inlite/ali.exe http://hmbwgroup.com/wp-includes/js/tinymce/themes/inlite/fr.exe http://hmbwgroup.com/wp-includes/js/tinymce/themes/inlite/thai.exe http://hmbwgroup.com/wp-includes/js/tinymce/themes/inlite/bnt.exe http://hmbwgroup.com/wp-includes/js/tinymce/themes/inlite/yu.exe AS number: AS15169 AS name: GOOGLE Hostname: 50.137.211.130.bc.googleusercontent.com

The host at this IP address is being (ab)used to «listbomb» email addresses: From: Whmcs Global Services <info@whmcsglobalservices.com> Subject: WHMCS one page checkout v1.0.4 Released Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages and bulk email… Читать далее Abused / misconfigured newsletter service (listbombing)

2020-07-23 update Problem still exists, spammer hosting located here: http://sa3ssdwefweatkom.diskstation.org/r.php?t=XXX -> https://towelred.com/?a=XXX —> https://click.powerplaypoints.com/click/XXX —> https://winorama77.com/lp/de/MagicFairies/index.html?Inc=XXX $ dig +short towelred.com 34.91.19.56 2020-05-22 update Received: from mail-io1-f72.google.com (mail-io1-f72.google.com [209.85.166.72]) From: Keto Intens <jeramy@panakota.xyz> Date: Fri, 22 May 2020 19:5x:xx -0400 Subject: Gratis Keto Burn Formula uitproberen! Nog 12 pakketten beschikbaar, zie hier >> <https://vogspa.com/?[]> *Wetenschappers zijn… Читать далее Spamvertised website

The host at this IP address (172.217.20.84) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware: https://adobepdf-com.uc.r.appspot.com/Legal_debt_recovery_process_pdf.jar AS number: AS15169 AS name: GOOGLE — Google LLC Hostname: ams15s33-in-f20.1e100.net

The host at this IP address (216.58.214.16) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware: https://storage.googleapis.com/wzukusers/user-34654398/documents/5c6cd19c87f44r9fOMiT/Base64Jef.txt https://storage.googleapis.com/wzukusers/user-34654398/documents/5c6cbd811626fvoj29vW/base64.txt https://storage.googleapis.com/wzukusers/user-34654398/documents/5c6ca94027662Tilxa4P/base.txt https://storage.googleapis.com/wzukusers/user-34654398/documents/5c6e2cbda22efXk3T7X2/base64.txt https://storage.googleapis.com/wzukusers/user-34654398/documents/5c6e2f6c8c5aduP2Yiwx/basejefin.txt https://storage.googleapis.com/wzukusers/user-34654398/documents/5c6eb2aa215a8CVWCf6s/fudjs.txt https://storage.googleapis.com/wzukusers/user-34654398/documents/5c6eab37b8dadMY1gX7C/base3.5.txt https://storage.googleapis.com/wzukusers/user-34654398/documents/5c7921a2cf26cUnJcGVm/nanocoregomes.txt https://storage.googleapis.com/wzukusers/user-34654398/documents/5c6fd6b4eb1c08aAMus8/go.jpeg https://storage.googleapis.com/wzukusers/user-34654398/documents/5c9e24cc08a4dLmV7CJO/CDT.txt AS number: AS15169 AS name: GOOGLE Hostname: lhr26s05-in-f16.1e100.net

Google hoss the A record and webise of the domain lp01jtrk.com, which provides redirection services in spam sent to advertise the domain everydaywinner.com. The spam is sent to email addressees scraped from websites and similar public forums. The spammer appears to be listwshing email addresses scraped from websites with phoney confirmation emails. Any response to… Читать далее lp01jtrk.com (Spam redirector)

The host at this IP address (172.217.17.112) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware: https://storage.googleapis.com/wzukusers/user-34654398/documents/5c6cd19c87f44r9fOMiT/Base64Jef.txt https://storage.googleapis.com/wzukusers/user-34654398/documents/5c6cbd811626fvoj29vW/base64.txt https://storage.googleapis.com/wzukusers/user-34654398/documents/5c6ca94027662Tilxa4P/base.txt https://storage.googleapis.com/wzukusers/user-34654398/documents/5c6e2cbda22efXk3T7X2/base64.txt https://storage.googleapis.com/wzukusers/user-34654398/documents/5c6e2f6c8c5aduP2Yiwx/basejefin.txt https://storage.googleapis.com/wzukusers/user-34654398/documents/5c6eb2aa215a8CVWCf6s/fudjs.txt https://storage.googleapis.com/wzukusers/user-34654398/documents/5c6eab37b8dadMY1gX7C/base3.5.txt https://storage.googleapis.com/wzukusers/user-34654398/documents/5c7921a2cf26cUnJcGVm/nanocoregomes.txt https://storage.googleapis.com/wzukusers/user-34654398/documents/5c6fd6b4eb1c08aAMus8/go.jpeg https://storage.googleapis.com/wzukusers/user-34654398/documents/5c9e24cc08a4dLmV7CJO/CDT.txt AS number: AS15169 AS name: GOOGLE — Google LLC Hostname: ams15s29-in-f112.1e100.net

The host at this IP address (35.214.96.217) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware: https://inspocoach.com/qvbffy/C/S792vXc3L.zip https://inspocoach.com/xcofiyggsnhy/jeXAphNdW3.zip https://inspocoach.com/qvbffy/I/oTCOavFZG.zip https://inspocoach.com/xcofiyggsnhy/r1ZbbE7YB9.zip https://inspocoach.com/hohesrc/2B/bJ/akM76OqS.zip https://inspocoach.com/hohesrc/o/271PhcFaW.zip https://inspocoach.com/hohesrc/FR32f8nOta.zip https://inspocoach.com/hohesrc/q/hRTA4ldin.zip AS number: AS15169 AS name: GOOGLE Hostname: 217.96.214.35.bc.googleusercontent.com

The host at this IP address (35.208.186.108) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware: https://aksidcorp.com/ufnzabpih/y2duMJtMTl.zip https://aksidcorp.com/kkmyw/cve6xBGHzH.zip https://aksidcorp.com/kkmyw/SU/RT/U92u0Ia0.zip https://aksidcorp.com/ufnzabpih/ervmKfmw9T.zip AS number: AS15169 AS name: GOOGLE Hostname: 108.186.208.35.bc.googleusercontent.com