Malware distribution @172.217.20.112

The host at this IP address (172.217.20.112) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware.

AS number: AS15169
AS name: GOOGLE — Google LLC
Hostname: ams17s01-in-f16.1e100.net

Published
Filed under google.com

Malware distribution @172.217.168.208

The host at this IP address (172.217.168.208) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware.

AS number: AS15169
AS name: GOOGLE — Google LLC
Hostname: ams16s32-in-f16.1e100.net


Malware distribution @35.209.80.177

The host at this IP address (35.209.80.177) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware:

http://www.robertmcardle.com/Teaching/Exercises/samples/7z.exe

AS number: AS19527
AS name: GOOGLE-2 — Google LLC
Hostname: 177.80.209.35.bc.googleusercontent.com


Malware distribution @35.208.35.183

The host at this IP address (35.208.35.183) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware:

http://swwbia.com/wp-content/dhBECYF/
http://swwbia.com/wp-content/report/6r4tx50vzr0s/lr-5057657382-842623938-6fqevqwr-zcwlk/

AS number: AS19527
AS name: GOOGLE-2 — Google LLC
Hostname: 183.35.208.35.bc.googleusercontent.com


Malware distribution @35.207.107.141

The host at this IP address (35.207.107.141) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware:

http://www.skyscan.com/shample/shample_fixed.exe

AS number: AS19527
AS name: GOOGLE-2
Hostname: 141.107.207.35.bc.googleusercontent.com


Abused / misconfigured newsletter service (listbombing)

The host at this IP address is being (ab)used to "listbomb" email addresses:

From: sega503store@gmail.com
Subject: We now have face masks available!

Problem description
============================
Spammers signed up for the bulk email service using the victim's email address. As a result, the victim is being "listbombed" with transactional messages and bulk email campaigns.

Problem resolution…


AgentTesla botnet controller @35.208.227.83

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 35.208.227.83 on port 587 TCP:

From: relogs@tiee.mx
To: relogs@tiee.mx

$ telnet 35.208.227.83 587
Trying 35.208.227.83…
Connected…


trainingevent.online (was fda-information.com (Webinar Compliance))

7/24/2020: Webinar Compliance is back on Google under a new name and new domain names, a week after this SBL listing was removed. Google, did you not terminate your spamming customer?

Received: from a27-140.smtp-out.us-west-2.amazonses.com (a27-140.smtp-out.us-west-2.amazonses.com [54.240.27.140])
Date: Thu, 23 Jul 2020 16:##:## +0000
From: QRC Expert<info@compliance.trainingevent.online>
Subject: Understanding and Implementing a QbD Program

<snip>

Phone…


AgentTesla botnet controller @35.206.125.238

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 35.206.125.238 on port 587 TCP:

From: duke@rexpo.com
To: duke@rexpo.com

$ telnet 35.206.125.238 587
Trying 35.206.125.238…
Connected…


affiliate spam @affalliance.com

2020-10-16

Received: from hotmail.com (103.251.83.14 [103.251.83.14])
Date: Fri, 16 Oct 2020 18:42:55 +0400
From: "Vanessa" <magnesiumgramou@hotmail.com>
Subject: [For Your Eyes Only] — Casino no deposit welcome

URL: http://bit.do/fKaCH
Server IP address is 54.83.52.76
=> Location: http://go.affalliance.com/visit/?bta=35925&nci=21065&campaign=5
Server IP address is 35.234.82.254
=> Location: https://bovegasgo.com/en/w/?lp=PANDABOO&code=25BAMBOO&gaid=5&trackingID=35925_457691
Server IP address is 104.31.93.128

------------------------------------------------------------

2020-10-08

Received: from hotmail.com (50-205-119-150-static.hfc.comcastbusiness.net…
