Spam source

Return-Path: <nuaepasett@gmail.com>
Received: from mail-oo1-f69.google.com (mail-oo1-f69.google.com [209.85.161.69]) by [] (8.14.7/8.14.7) with ESMTP id [] (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=OK) for []; Thu, 21 Jan 2021 02:[]:[] -0500
Authentication-Results: []
Received: by mail-oo1-f69.google.com with SMTP id [] for []; Wed, 20 Jan 2021 23:[]:[] -0800 (PST)
DKIM-Signature: []
X-Google-DKIM-Signature: []
X-Gm-Message-State: []
X-Google-Smtp-Source:[]
MIME-Version: 1.0
X-Received: by… Read more: Spam source

Published
Category: google.com

spam emitter @35.245.137.130

Received: from isp.warplink.ch (isp.warplink.ch. [79.125.106.117]) by mx.google.com with ESMTPS id [] for <[]@gmail.com> (version=TLS1 cipher=AES128-SHA bits=128/128); Thu, 21 Jan 2021 19:0x:xx -0800 (PST)
Received: from instance-14.us-east4-b.c.s-k-il.internal (130.137.245.35.bc.googleusercontent.com [35.245.137.130]) by isp.warplink.ch (Postfix) with ESMTP id [] for <[]@gmail.com>; Fri, 22 Jan 2021 04:0x:xx +0100 (CET)
Subject: []@gmail.com
From: "Unity National Bank" <Bank@bcmsa.ch>
Date: Fri, 22 Jan… Read more: spam emitter @35.245.137.130

Published
Category: google.com

Spamvertised website

Received: from ernie.php-friends.de (176.96.136.51)
Date: Thu, 21 Jan 2021 22:1x:xx +0000
Subject: Your photo has been successfully published
From: Google Photos Library <doborbcevvx@mail2kelly.com>

http://keyzorg.info/furiousab.php?utm_source=google&utm_medium=adwords&utm_campaign=uipybiib
=> http://itourlife.top/

keyzorg.info. 86400 IN A 185.27.142.111
itourlife.top. 600 IN A 35.197.252.30

also:
35.197.252.30|d210122.getprize.top|2021-01-22 16:16:52
35.197.252.30|ipgqbjcenu42.top|2021-01-22 10:36:15
35.197.252.30|nl-260.ru|2021-01-20 04:19:15
35.197.252.30|nl-819.ru|2021-01-20 05:49:39
35.197.252.30|www.nl-819.ru|2021-01-20 05:48:11
35.197.252.30|www.nl-825.ru|2021-01-20 05:48:07
35.197.252.30|www.nl-891.ru|2021-01-20 05:48:22

Published
Category: google.com

Spamvertised website

Received: from fvlmi.gerasis.net (20.84.88.196)
From: Theragun | Client service .
Subject: Claim your chance [] to Test & Keep the NEW Theragun worth £500 | Free home delivery.
Date: Mon, 25 Jan 2021 18:3x:xx +0100

URL: https://www.tyre-stick.com/[]/?creative_id=8002
Server IP address is 35.186.245.208
=> Location: https://vam.actiondecisionvalid.com/?s1=[]&kw=511&s2=511&s3=
Server IP address is 191.101.6.14

Published
Category: google.com

Emotet malware distribution @34.67.216.177 [compromise website]

The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL hosts a webshell that the threat actors access programmatically to place malware on the website:

URL: http://helpcopyright.click/arxlyfpsb.php
Host: helpcopyright.click
IP address: 34.67.216.177
Hostname: 177.216.67.34.bc.googleusercontent.com

Published
Category: google.com

Emotet malware distribution @34.67.216.177 [compromise website]

The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL hosts a webshell that the threat actors access programmatically to place malware on the website:

URL: http://helpcopyright.click/wp-content/themes/festive/languages/JST10x.php
Host: helpcopyright.click
IP address: 34.67.216.177
Hostname: 177.216.67.34.bc.googleusercontent.com

Published
Category: google.com

Emotet malware distribution @34.78.201.129 [compromise website]

The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL hosts a webshell that the threat actors access programmatically to place malware on the website:

URL: http://lezz-etci.com/xavqpgdjonsh.php
Host: lezz-etci.com
IP address: 34.78.201.129
Hostname: 129.201.78.34.bc.googleusercontent.com

Published
Category: google.com

Abused / misconfigured newsletter service (listbombing)

The host at this IP address is being (ab)used to "listbomb" email addresses:

From: brp394sandeep@gmail.com
Subject: E-Waste (Buy Back)-Management Company

Problem description
============================
Spammers signed up for the bulk email service using the victim's email address. As a result, the victim is being "listbombed" with transactional messages and bulk email campaigns.

Problem resolution
============================
In… Read more: Abused / misconfigured newsletter service (listbombing)

Published
Category: google.com

Malware distribution @172.217.19.206

The host at this IP address (172.217.19.206) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware:

https://sites.google.com/site/stormqk/dn/StormAgent.apk?attredirects=0

AS number: AS15169
AS name: GOOGLE
Hostname: ams16s31-in-f14.1e100.net

Published
Category: google.com

Cybercriminal credit-card theft carding gang at: cvvstore.cc, cc4you.su, kingscard.cc etc.

Stolen credit card data websites:

cvvstore.cc. 599 IN A 35.188.126.240
kingscard.cc. 599 IN A 35.188.126.240
ug4all.ru. 599 IN A 35.188.126.240
trdbin.su. 599 IN A 35.188.126.240
35.188.126.240 dstore.su 2021-04-11 10:35:28
_________________
Was:
kingscard.cc. 599 IN A 103.209.102.141
kingscard.cc. 599 IN A 94.242.58.188
cvvstore.cc. 600 IN A 103.209.102.141
cvvstore.cc. 600 IN A 94.242.58.188
ltdcc1.cc. 599 IN A… Read more: Cybercriminal credit-card theft carding gang at: cvvstore.cc, cc4you.su, kingscard.cc etc.

Published
Category: google.com