Автор: blog

How long will it take Google to get to this one? 35.241.124.129 disatermessoge.shop 35.241.124.129 dlsatermessage.shop 35.241.124.129 aboutprouducts.shop 35.241.124.129 bocahteam.top 35.241.124.129 amsking.jp 35.241.124.129 nttdocomoo.top 35.241.124.129 dncoskm.com 35.241.124.129 docomoadmin.dncoskm.com 35.241.124.129 onlinadmina.top 35.241.124.129 dnttadd.com 35.241.124.129 onlinadmin.com ——————- aboutproducts.shop aboutprouducts.shop adadaea.top amazonatop.com amsking.jp anshinsecurity.top anshinsecurlty.shop bocahteam.top cpraae.top ddnttsad.com disatermessage.shop disatermessage.top disatermessoge.shop dlsatermessage.shop dlsatermessoge.shop dncoskm.com dnttadd.com dnttadmin.com dpayment.top jsekinea.cc nttdocoomo.top… Читать далее Phish landing sites.

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 35.239.113.160 on port 5050 TCP: $ telnet 35.239.113.160 5050 Trying 35.239.113.160… Connected to 35.239.113.160. Escape character… Читать далее njrat botnet controller @35.239.113.160

All these and more land here. amazoncojpblockmss.gq amazonjapanamemu.ga amazonjapanamemu.gq amazonjapanamemu.ml amazonjapancomori.cf amazonjapancomori.ga amazonjapancotaken.cf amazonjapancotaken.gq amazonjapancotaken.tk amazonjapanossblock.cf amazonjpcoblock.cf amazonjpcormori.cf amazonjpcormori.tk backccounto.cf backccounto.ml ddo.jp <— dynamic dns service, lossbackaccount.cf middleventamaz.cf myvnc.com <— dynamic dns service, requactblack.cf requactblack.gq

9/21/2021: The domain webinarninja.com is continuing to send spam, through both Mailchimp and Sendgrid. Please note the previous SBL listing, included beneath this one, for a track record. Received: from o31.ck.m.convertkit.com (o31.ck.m.convertkit.com [149.72.157.114]) Date: Thu, 16 Sep 2021 12:15:44 +0000 (UTC) From: Omar Zenhom <support@webinarninja.com> Subject: We can’t charge this much anymore. <snip> ******************* Prices… Читать далее webinarninja.com

The host at this IP address is being (ab)used to «listbomb» email addresses: From: ICYS ExCom <icecoreys@gmail.com> Subject: Zoom Link — ICYS 9th Seminar September 23rd 07:00-08:00 UTC Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages… Читать далее Abused / misconfigured newsletter service (listbombing)

Return-Path: <dbruke@leadsattributes.com> Received: from mail-pf1-f195.google.com (mail-pf1-f195.google.com [209.85.210.195]) by [] (8.14.7/8.14.7) with ESMTP id [] (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=OK) for []; Fri, 24 Sep 2021 13:[]:[] -0400 Authentication-Results: [] Received: by mail-pf1-f195.google.com with SMTP id [] for []; Fri, 24 Sep 2021 10:[]:[] -0700 (PDT) DKIM-Signature: [] X-Google-DKIM-Signature:[] X-Gm-Message-State: [] X-Google-Smtp-Source: [] X-Received: by 2002:aa7:848c:0:b0:43f:cbf8:49af with… Читать далее Spam source — list sales

payypaisecureeaccounzxb.com has address 34.106.145.113 payypaisecureeaccounzxg.com has address 34.106.145.113

https://irs.gov.irs-september.com/?irsgov $ host irs.gov.irs-september.com irs.gov.irs-september.com has address 34.150.136.18

hXXps://irs.gov.3rd-paymentreceive.com/?irsgov $ host irs.gov.3rd-paymentreceive.com irs.gov.3rd-paymentreceive.com has address 34.85.254.141

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 35.194.62.150 on port 80 (using HTTP GET): hXXp://35.194.62.150/loader.php $ nslookup 35.194.62.150 150.62.194.35.bc.googleusercontent.com Referencing malware binaries (MD5 hash): a7d8a48297c4927fd6d9fa9bfd224871 — AV detection: 9… Читать далее Malware botnet controller @35.194.62.150