Рубрика: amazon.com

Received: from fujimaru.org ([157.65.164.67]) by [] with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.95) (envelope-from <admin@fujimaru.org>) id [] for []; Tue, 11 Jan 2022 23:0x:xx +0000 Received: from unknown (HELO www.outlook.com) (admin@fujimaru.org@45.76.48.56) by dc63.etius.jp (157.65.164.67) with ESMTPA; 12 Jan 2022 08:0x:xx +0900 Reply-To: hello.equipe@hotmail.com From: «CanadaPost*» <admin@fujimaru.org> Subject: Delivery Notification for Item / Avis de livraison… Читать далее Phish spam site @52.216.30.46

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 52.67.194.250 on port 80 (using HTTP GET): hXXp://ec2-52-67-194-250.sa-east-1.compute.amazonaws.com/INFECT_JANEIRO01/xcvbnhjuiyrtrtrt.php $ dig +short ec2-52-67-194-250.sa-east-1.compute.amazonaws.com 52.67.194.250 $ nslookup 52.67.194.250 ec2-52-67-194-250.sa-east-1.compute.amazonaws.com Referencing malware binaries (MD5 hash):… Читать далее Malware botnet controller @52.67.194.250

xd94q.hp.peraichi.com [13.249.74.34]

The host at this IP address is being (ab)used to «listbomb» email addresses: From: Quirk Chevrolet MA <leads@chevy.quirkautodealers.net> Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages and bulk email campaigns. Problem resolution ============================ In order to… Читать далее Abused / misconfigured newsletter service (listbombing)

The host at this IP address is being (ab)used to «listbomb» email addresses: From: Quirk Chevrolet MA <leads@chevy.quirkautodealers.net> Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages and bulk email campaigns. Problem resolution ============================ In order to… Читать далее Abused / misconfigured newsletter service (listbombing)

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 3.91.91.127 on port 3071 TCP: $ telnet 3.91.91.127 3071 Trying 3.91.91.127… Connected to 3.91.91.127. Escape character… Читать далее BitRAT botnet controller @3.91.91.127

Received: from kcserver.thulo.com (HELO kcserver.thulo.com) (202.51.74.104) by mx.spamhaus.org (qpsmtpd/0.80) with ESMTP; Thu, 06 Jan 2022 14:51:59 +0000 Received: from ec2-18-215-159-136.compute-1.amazonaws.com ([18.215.159.136]:51878 helo=mailservers.com) by kcserver.thulo.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <support@mailservers.com>) id 1n5U7Q-00CxMM-Eh for sbl-autonotify@spamhaus.org; Thu, 06 Jan 2022 20:36:55 +0545 From: Server Notification <support@mailservers.com> Subject: Account Verification Mail for sbl-autonotify@spamhaus.org Date: 06… Читать далее Phish spam source @18.215.159.136

Received: from b232-9.smtp-out.ap-southeast-2.amazonses.com (b232-9.smtp-out.ap-southeast-2.amazonses.com. [69.169.232.9]) Date: Sun, 2 Jan 2022 11:3x:xx +0000 From: HeroBook Game <news@herobook.io> Subject: HeroBook launches Airdrop program

18.118.83.62|case08verify.tk|2022-01-02 20:06:05 18.118.83.62|csh-validate.cf|2022-01-02 20:11:06 18.118.83.62|my-citi.cf|2021-12-27 20:06:17 18.118.83.62|schwverify.cf|2022-01-02 20:30:54 18.118.83.62|secured0.cf|2021-12-28 06:46:30

3.142.53.243|53secureverify.com|2022-01-01 19:11:01 3.142.53.243|53updateverify.com|2022-01-01 19:11:12 3.142.53.243|securedmtbank.com|2022-01-01 14:06:26 3.142.53.243|securemtbankaccount.com|2022-01-01 14:11:02 3.142.53.243|securemtbankcard.com|2022-01-01 14:50:56 3.142.53.243|securemtbankupdate.com|2022-01-01 14:35:57 3.142.53.243|securemtbankverify.com|2022-01-01 14:36:10 3.142.53.243|www3mtbankaccess.com|2022-01-01 23:40:54 3.142.53.243|www3mtbankaccessdirect.com|2022-01-02 00:20:57 3.142.53.243|www3mtbankaccessservices.com|2022-01-02 00:20:54 3.142.53.243|www3mtbankonline.com|2022-01-02 00:21:02