The host at this IP address (35.214.133.82) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware:

http://logotypfabriken.se/wp-content/balance/tdfu46666340722745c16g659jfn01hq5gs/
http://logotypfabriken.se/wp-content/private_sector/verifiable_warehouse/zlbzqr73_x5zt8y/
http://logotypfabriken.se/wp-content/GGtBFUWJ/
http://logotypfabriken.se/wp-content/Reporting/rzgw3z/2z00i0d3972969294660x7r68fvp3t90s/

AS number: AS15169
AS name: GOOGLE
Hostname: 82.133.214.35.bc.googleusercontent.com
Author: blog
Malware distribution @35.213.136.58
The host at this IP address (35.213.136.58) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware:

http://villamarand.com/lhuv78ktn.zip

AS number: AS15169
AS name: GOOGLE
Hostname: 58.136.213.35.bc.googleusercontent.com
Malware distribution @35.214.179.142
The host at this IP address (35.214.179.142) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware:

https://cashyinvestment.org/wp-content/IH/
https://cashyinvestment.org/wp-content/SzziUCjtadL/

AS number: AS15169
AS name: GOOGLE
Hostname: 142.179.214.35.bc.googleusercontent.com
Spammer hosting @172.217.168.48
Spammer hosting located here:

https://storage.googleapis.com/da1ba2bf05e3154/567f99101c349ee#XX
-> http://goodforus.globallivefromus.cloudns.cl/
--> https://beautynsport.com/X
--> https://bobcoolgoodies.com/X
---> https://happywreward.com/X

$ dig +short storage.googleapis.com
216.58.215.240
172.217.168.80
172.217.168.48
172.217.168.16

Spam sample
====================================================================
Received: from freetvguide.co.nz (static.44.150.181.135.clients.your-server.de [135.181.150.44])
    by X (Postfix) with ESMTP id X
    for <X>; Mon, 4 Jan 2021 X
List-Unsubscribe: <X>
Date:Mon, 04 Jan 2021 X
Message-Id:<X>
Reply-To: [reply_to]
To: X…
Spammer hosting @35.204.93.160
Spammer hosting located here:

https://gfhdfhf.page.link/568b
-> https://aptrk13.com/?a=X
--> https://fn3gx.agileconnection.company/?s1=X
--> https://fn3gx.zb1evjbofq.top/t/X
---> https://ultrapartners.net/redirect/id/30473/X
----> https://besuchvegas.com/de/?id=&affid=30473&m=X
----> https://www.vegas-ch.com/de/?id=&affid=30473&m=X

$ dig +short aptrk13.com
35.204.93.160

Spam sample
============================================================
Received: from chello.at (afazers.club [185.32.126.38])
    by X (Postfix) with ESMTP
    for <X>; Wed, 6 Jan 2021 X
MIME-Version: 1.0
From: =?UTF-8?B?T2huZSBBdWZ3YW5kIE9obmUg?= <News@chello.at>
Subject: =?UTF-8?B?IEVuZ2xpc2NoIHdpcmQgdm9uIGFsbGVpbiBnZWxlcm50ICE=?=
Reply-To: News@chello.at
Received: News@chello.at
To: X…
Spamming to harvested whois contacts
Received: from 212.30.225.35.bc.googleusercontent.com ([35.225.30.212]:xx)

Received: from 201-45-143-63.static.reverse.lstn.net (unknown [63.143.45.201])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (No client certificate requested)
    by xxx; Wed, 6 Jan 2021 11:22:31 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
    d=ec2-201-63-143-45.creativescribbler.com; s=default; h=Message-ID:Date:
    Content-Type:Subject:To:Reply-To:From:MIME-Version:Sender:Cc:
    Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:
    Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:
    References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:
    List-Owner:List-Archive; bh=xxx
Received: from 212.30.225.35.bc.googleusercontent.com ([35.225.30.212]:xx)
    by 10-4-43-174.cprapid.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    (Exim…
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to "listbomb" email addresses:

From: myrtlewhyte8@gmail.com
Subject: Web Application

Problem description
============================
Spammers signed up for the bulk email service using the victim's email address. As a result, the victim is being "listbombed" with transactional messages and bulk email campaigns.

Problem resolution
============================
In order to…
Malware distribution @34.78.29.249
The host at this IP address (34.78.29.249) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware:

https://lezz-etci.com/wp-content/mXxP/

AS number: AS15169
AS name: GOOGLE
Hostname: 249.29.78.34.bc.googleusercontent.com
Canadian Pharmacy
ms-shopdirect.su. 600 IN A 35.228.131.108
digitalms-shop.su. 600 IN A 35.228.131.108
Russian carding fraud site/forums: cardmafia.mn (uniccshop.ru / validshop.cc / carder.su / carderpro.com / ccbase.biz / cpro.su)
Stolen credit card data sites.

cardmafia.mn. 600 IN A 35.228.185.55
______________________
cardmafia.mn. 600 IN A 185.228.233.14
______________________
cardmafia.mn. 599 IN A 45.139.186.232
______________________
Was: cardmafia.mn. 599 IN A 45.143.137.15
______________________
Was: cardmafia.mn. 599 IN A 194.87.248.76
______________________
Was: cardmafia.mn. 599 IN A 8.208.89.97
uniccshop.ru. 599 IN A 103.125.255.235
validshop.cc. 599 IN A 103.125.255.235
______________________
Was:…