Received: from sendib.xyz (272981.simplecloud.ru. [85.143.217.4])
From: "ACE HARDWARE" <aka47300@myfairpoint.net>
Subject: Congrats! You’ve Been Selected For $50 Ace Hardware Reward!!
Date: Wed, 26 Jan 2022 07:3x:xx -0500
http://email.premieragent.com/c/[] 52.200.126.33
https://hatios.com/[] 146.185.253.104
http://idealjus.com/?a=57&c=21275&p=r&s1=472087&s2=[]&s3=[] 159.89.240.106
http://tasteserc.com/?a=57&c=21275&p=r&s1=472087&s2=[]&s3=[] 138.68.36.200
https://www.surveytown.co/p_v3/ha/?flow=10&a=57&s1=472087&s2=[]&r=[]&o=5013&t=rs&email=#email# 138.197.55.150
Category: amazon.com
spam source
[!] This SBL record is to show an example of ongoing network abuse. It currently is not being published in the SBL list, but is instead being presented on the webpage so that the network owner has evidence to investigate and correct the problem.
w 54.240.10.18 a10-18.smtp-out.amazonses.com "a10-18.smtp-out.amazonses.com" 2022-01-21T00:00:00Z (+/-10 min)
54.240.10.18/32 (54.240.10.18 .. 54.240.10.18)…
Malicious IP — mailrefine.com
The IP on this address has a tendency to forge other domains. This has been happening since at least December 3rd.
Example:
alt4.gmail-smtp-in.l.google.com (Dec 29th ~)
hotmail.com (Dec 22 ~ 24)
mx3.zoho.com (Dec 3 ~ 26)
Spamvertised website
Received: from ingation.com (37-72-172-10.static.hvvc.us. [37.72.172.10])
Subject: Confirmation
Date: Sun, 30 Jan 2022 14:3x:xx +0100
From: ""McAfee"" <[]>
https://s3.us-west-2.amazonaws.com/k79wnu4sn/[] => http://manitas.xyz//cl/2433_md/[]
s3.us-west-2.amazonaws.com. 5 IN A 52.92.176.240
manitas.xyz. 60 IN A 107.155.135.3
phishing server
54.183.228.197|citialerts01.com|2022-02-02 21:16:16
54.183.228.197|citizensalert02.com|2022-02-02 22:56:37
affiliate spam @trkot.cake.aclz.net
Received: from hmtmail.org (274039.simplecloud.ru. [85.143.175.115])
From: "3 Score Check" <[]>
Subject: Your 2022 Transunion, Equifax and Experian Credit-Scores
Date: Wed, 02 Feb 2022 15:3x:xx -0500
https://storage.googleapis.com/plowjuukikayokoo/[] 142.251.32.112
https://hatios.com/[]/ 146.185.253.104
https://trkot.cake.aclz.net/?a=351&oc=1074&c=206&s1=[]&s2=[] 44.235.169.181
https://www.freescore360.com/welcome/4p/d/[]?id=3931&ord=1&append=1&edata=472087&edata2=[]&edata3=&edata4=&edata5=&ckmreqid=[]&ckmat=1&siteId=210&cakeEventId=2&transid=[] 104.18.9.174
NanoCore botnet controller @3.22.30.40
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 3.22.30.40 on port 17146 TCP:
$ telnet 3.22.30.40 17146
Trying 3.22.30.40…
Connected to 3.22.30.40.
Escape character…
affiliate spam @clickbooth.com
Received: from 59cz.driveliker.org ([37.72.172.60])
Subject: Congrats: $90 For You!
From: "[]" <[]@driveliker.org>
Date: Thu, 03 Feb 2022 16:2x:xx +0100
http://driveliker.org/[] 193.160.32.178
https://zakatsnose.com/[] 111.90.141.164
https://dossierstage.com/?s1=350310&s2=[]&s3=2575&s4=1290&ow=&s10=31 172.67.196.99
https://ridersmoveing.com/[] 104.21.35.154
https://droptopz.com/click?s2=[]&s1=350310&s3=2575&trvid=10565&s4=1290&ow=8 52.205.18.96
https://track.clickbooth.com/c/aff?lid=1706037&subid1=350310&subid2=[] 34.200.87.205
https://www.fr2trk.com/9W598/55M6S/?uid=50&sub1=1706037&sub2=[]&sub3=50 34.117.12.47
https://www.smartfashiondaily.com/v1-prio/?_ef_transaction_id=[]&AFFID=7&C1=1706037&C2=[]&C3=50&click_id=[] 34.193.102.5
Spamvertised landing page
Received: from 59cz.driveliker.org ([37.72.172.60])
Subject: Congrats: $90 For You!
From: "[]" <[]@driveliker.org>
Date: Thu, 03 Feb 2022 16:2x:xx +0100
http://driveliker.org/[] 193.160.32.178
https://zakatsnose.com/[] 111.90.141.164
https://dossierstage.com/?s1=350310&s2=[]&s3=2575&s4=1290&ow=&s10=31 172.67.196.99
https://ridersmoveing.com/[] 104.21.35.154
https://droptopz.com/click?s2=[]&s1=350310&s3=2575&trvid=10565&s4=1290&ow=8 52.205.18.96
https://track.clickbooth.com/c/aff?lid=1706037&subid1=350310&subid2=[] 34.200.87.205
https://www.fr2trk.com/9W598/55M6S/?uid=50&sub1=1706037&sub2=[]&sub3=50 34.117.12.47
https://www.smartfashiondaily.com/v1-prio/?_ef_transaction_id=[]&AFFID=7&C1=1706037&C2=[]&C3=50&click_id=[] 34.193.102.5
Phish source @3.113.24.245
Received: from fsav114.sakura.ne.jp (fsav114.sakura.ne.jp [27.133.134.241]) by X (8.15.2/8.15.2) with ESMTP id X for <X>; Sat, 5 Feb 2022 X (envelope-from taniguchi@nup.jp)
Received: from www2259.sakura.ne.jp (182.48.49.199) by fsav114.sakura.ne.jp (F-Secure/fsigk_smtp/550/fsav114.sakura.ne.jp); Sat, 05 Feb 2022 X
X-Virus-Status: clean(F-Secure/fsigk_smtp/550/fsav114.sakura.ne.jp)
Received: from ec2-3-113-24-245.ap-northeast-1.compute.amazonaws.com (ec2-3-113-24-245.ap-northeast-1.compute.amazonaws.com [3.113.24.245]) (authenticated bits=0) by www2259.sakura.ne.jp (8.15.2/8.15.2) with ESMTPA id X for <X>; Sat, 5 Feb 2022…