Received: from a7-30.smtp-out.eu-west-1.amazonses.com (54.240.7.30)
From: Confirmation <unsubscribe6918@sanjaysdiesel.shop>
Subject: Unsubscribe_me
Date: Thu, 2 Dec 2021 04:5x:xx +0000
Category: amazon.com
phishing server
spam emitter @76.223.177.55
Received: from c177-55.smtp-out.ap-northeast-2.amazonses.com (76.223.177.55)
Date: Mon, 29 Nov 2021 20:2x:xx +0000
From: Évaluation voiture <no_reply@hanjin.co.kr>
Subject: Prix en ligne pour votre voiture
Loki botnet controller @3.145.25.98
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Loki botnet controller located at 3.145.25.98 on port 80 (using HTTP POST):
hXXp://domynuts.ga/accounts/fre.php
$ dig +short domynuts.ga
3.145.25.98
$ nslookup 3.145.25.98
ec2-3-145-25-98.us-east-2.compute.amazonaws.com
Referencing malware binaries (MD5 hash):…
STRRAT botnet controller @54.218.207.65
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 54.218.207.65 on port 1177 TCP:
$ telnet 54.218.207.65 1177
Trying 54.218.207.65…
Connected to 54.218.207.65.
Escape character…
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to «listbomb» email addresses:
From: OMR Education <education@omr.com>
Subject: Black Week Deals #5.1: Deine Weiterbildung für 2022 zum Sonderpreis
Problem description
============================
Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages…
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to «listbomb» email addresses:
From: FITC <no-reply@fitc.ca>
Subject: Three Upcoming Events Just for You!
Problem description
============================
Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages and bulk email campaigns. Problem…
spam support (domains)
Domain used in a spam operation that looks to be offering fake discount cards for Costco, Walgreens, etc.
Subject: B͏L͏A͏C͏K͏ F͏R͏I͏D͏A͏Y͏, y͏o͏u͏r͏ l͏u͏c͏k͏y͏ d͏a͏y͏. (Costco)
Subject: B͏L͏A͏C͏K͏ F͏R͏I͏D͏A͏Y͏ B͏e͏g͏i͏n͏s͏ N͏o͏w͏!!! (Walmart)
Subject: Y͏o͏u͏ h͏a͏v͏e͏ b͏e͏e͏n͏ s͏e͏l͏e͏c͏t͏e͏d͏ (Walgreens)
beastq.com
idropnews.com spammers @52.2.51.95
52.2.51.95 = idropnews.com
idrop-1790182703.us-east-1.elb.amazonaws.com
The following related hostnames used for «snowshoe» spamming
—
Domain Name: IDROPNEWS.NET
Creation Date: 2013-10-02 20:14:00Z
Registrar Registration Expiration Date: 2014-10-02 20:14:00Z…
Malware botnet controller @54.233.90.128
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 54.233.90.128 on port 443 TCP:
$ telnet 54.233.90.128 443
Trying 54.233.90.128…
Connected to 54.233.90.128.
Escape character…