njrat botnet controller @34.89.104.171
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 91.109.188.3 on port 5050 TCP: $ telnet 34.89.104.171 5050 Trying 34.89.104.171… Connected to 34.89.104.171. Escape character…
Junk mail.
This server is operating under the delusion that it is "bizcloud-power.yni.ac.jp". It is not, despite delusions otherwise: 220 ynu.ac.jp ESMTP Postfix 250-ynu.ac.jp Just one of 10000 or more… Received: from [143.198.137.97] ([143.198.137.97]) From: x Survey <webmaster@x<mailto:webmaster@x>> To: x<mailto:x> Subject: Survey Message Date: 25 Jul 2021 x +0200
Malware distribution from 46.101.135.220
Package delivery fraud spam. Payload redirects to Google on desktop and anything that geolocates wrong, actual Android malware otherwise. Received: from Hostpoint.ch (unknown [46.101.135.220]) by x (Postfix) with ESMTP id x for <x>; Wed, 4 Aug 2021 ##:##:## +0200 (CEST) Precedence: Bulk To: x Subject: Din leveransadress är fel !!!!!! Reply-To: Postnord <admin900@Hostpoint.ch> From: Postnord…
Email phishing.
Received: from mta0.groupeageco.ca (unknown [138.197.166.38]) From: OneDrive <ageco@groupeageco.ca> Subject: One New Message(x). To: x Date: Tue, 10 Aug 2021 x +0000 Total Pages: 1 Receive Time: 7:29:11 AM Transmit Time: 0.014 sec Document Name: HSBC_Payment_slip_for Outstanding 001005.pdf background-image: url("file:///C:/Program%20Files/SuperMailer/mic.png"); form method="post" action="https://webbusinessindia.com/new-po.php"
Spamvertised website
Received: from s8.werteo.ru (werteo.ru [77.223.99.155]) Date: Wed, 18 Nov 2020 11:4x:xx +0000 From: Aleksandr <info@s8.werteo.ru> Subject: Предложение (Russian: "Offer") Website operated by SEO spammer: mayboroda.pro. 557 IN A 87.236.21.151 maiboroda.pro. 562 IN A 92.53.96.212 https://vk.com/prodvizheniyesaytov Поисковое продвижение сайта SEO (Russian: "search engine promotion of a website, SEO") Email: zakaz@aseom.ru Skype: mayboroda_aleks
Hosting fraud and/or phishing domains
Domains discovered by Spamhaus DBL system: avito-arendarf.ru avito-deliverytrack.ru azimutpayments.com boxberry-deliverytrack.ru capitall-msk.online copyrighthelp-about.ml dhl-dostavka.ru dostavista-deliverytrack.ru pochta-deliverytrack.ru ponyexpress-dostavka.ru yandex-nakladnaya.ru spisanie-dolgov-bankrotstvo-samara.ru rukredit-evropa-bank-lk.ru yandex-transit.ru
Botnet spamming for: pussy31.us
pussy31.us. 20239 IN A 185.50.25.55 Hithere , prettyboy . Can I tell them thank you very much interesting a place where dreams come true desires? What if I say what do you need to find the girl for there was no more sex much easier? You can check it out on our website. But…
Carding fraud site/forum: track2.shop
http://dumps.biz >>> https://track2.shop/ track2.shop. 599 IN A 185.50.25.33 dumps.biz. 299 IN A 104.31.85.67 dumps.biz. 299 IN A 104.31.84.67 dumps.biz. 299 IN A 172.67.208.70 ___________________ Was: ;; ANSWER SECTION: track2.shop. 599 IN CNAME url.dnspod.com. url.dnspod.com. 599 IN A 129.226.103.153 url.dnspod.com. 599 IN A 129.226.102.30 track2.shop. 599 IN A 91.189.114.6 ___________________ Was: track2.shop. 599 IN A 95.211.217.209…
Emotet malware distribution @87.236.16.62 [compromised website]
The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website: URL: http://adres-ug.ru/jkob.php Host: adres-ug.ru IP address: 87.236.16.62 Hostname: ssl.orion.beget.com
Emotet malware distribution @87.236.16.62 [compromised website]
The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website: URL: http://climatch.ru/ktixa.php Host: climatch.ru IP address: 87.236.16.62 Hostname: ssl.orion.beget.com