RedLineStealer botnet controller @18.190.26.16
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 18.190.26.16 on port 61391 TCP:
$ telnet 18.190.26.16 61391
Trying 18.190.26.16…
Connected to 18.190.26.16.
Escape character…
Category: amazon.com
affiliate spam @clickstogold.com
Received: from unny1.consequat.co (unny1.consequat.co. [188.127.235.205])
From: "LAYLA" <[]@consequat.co>
Date: Wed, 27 Oct 2021 20:3x:xx -0700
Subject: Layla_sent_you_more_nude_selfies.
https://bit.ly/3pwSP5Y 67.199.248.10
http://importantdeals.net/?VF80ODg3XzA= 51.15.10.70
https://bordmac.com/?a=3020&oc=13816&c=39220&p=r&m=3&s1=2&s2=0&s3=4887&s4= 35.204.82.162
https://track.clickstogold.com/aff_c?offer_id=4099&aff_id=2240&url_id=45041&aff_sub=3020&aff_click_id=[] 107.21.246.48
http://citysweeties.com/landing109?cat=default&pt1=[]&pi=2240&pe=3020 34.72.137.22
affiliate spam @javaburn.com
Received: from AM6P192CA0102.EURP192.PROD.OUTLOOK.COM (2603:10a6:209:8d::43)
From: JAVA BURN ™ <[].global.admin@theemarketers.co.uk>
Subject: 🆒📢Try JAVA BURN For Over 80% OFF Today! 📩🆒
Date: Thu, 28 Oct 2021 00:1x:xx +0200
http://theemarketers.co.uk/cl/[] 23.154.81.106
https://javaburn.lpages.co/javaburn/?aff_sub1=3&aff_sub2=16674_1&aff_sub3=[] 35.202.21.90
https://bit.ly/3C8BFPo 67.199.248.10
https://49b53vyeqghrbue5ljf62eqv1k.hop.clickbank.net/?tid=LINK 35.81.35.31
https://javaburnhop.com/go?hop=ariana321 13.224.96.98
https://javaburn.com/welcome?hop=ariana321 13.224.96.84
RedLineStealer botnet controller @3.17.66.208
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 3.17.66.208 on port 50383 TCP:
$ telnet 3.17.66.208 50383
Trying 3.17.66.208…
Connected to 3.17.66.208.
Escape character…
Spamvertised website
Received: from saepezrezo.urlweb.xyz ([195.154.32.132])
From: Jobs from Home <[]>
Date: 10-24-2021 (EDT)
Subject: $1,000+ 𝙥𝙚𝙧 𝙬𝙚𝙚𝙠 𝙛𝙧𝙤𝙢 𝙝𝙤𝙢𝙚
https://t.co/IZc9t0slWD
http://trk.vmptoday.com/aff_c?offer_id=1967&aff_id=559 18.202.12.61
https://pionsures-poludes.com/[]?utm_tracking_id=922&utm_partner_name=vertigo&affiliate_id=559&utm_source=vertigo&utm_medium=publisher&externalid=[] 18.192.108.151
https://my10hourworkweek.com/us/?utm_tracking_id=922&utm_partner_name=vertigo&utm_source=vertigo&utm_medium=publisher&affiliate_id=559&first_id=&externalid=[]&clickid=[] 167.71.1.108
phishing server
Part of a PaaS/MaaS operation.
artemlabshiola.com has address 204.236.244.206
artemkomovshiola.com has address 204.236.244.206
artemkobalshiola.com has address 204.236.244.206
artemkhanshiola.com has address 204.236.244.206
artemkadashiola.com has address 204.236.244.206
artemka93shiola.com has address 204.236.244.206
artemka888shiola.com has address 204.236.244.206
artemka116russhiola.com has address 204.236.244.206
artemka1993shiola.com has address 204.236.244.206
artemka1999shiola.com has address 204.236.244.206
artemiyanashiola.com has address 204.236.244.206
Hosting Response / Michael Boehm
Domains used exclusively for tracking clicks from spam traffic. The domains are registered with private registration, of course, so you can't tell who the spammer is. Likely being managed by the Cake Marketing spam metrics system.
jstrk3.com
jstrk5.com
mrktrecord17.com
mrktrecord18.com
mrktrecord3.com
mrktrecord8.com
trkcity.com
trkfocus.com
trkguide.com
Phish spam source @3.12.186.10
Received: from mail.rajhans.co.in (HELO emailsrv.rajhanscorp.com) (203.109.74.179) by mx.spamhaus.org (qpsmtpd/0.80) with (AES256-SHA encrypted) ESMTPS; Thu, 21 Oct 2021 20:33:45 +0000
Received: from accountsecurity.com (ec2-3-12-186-10.us-east-2.compute.amazonaws.com [3.12.186.10]) by emailsrv.rajhanscorp.com (Postfix) with ESMTPSA id D246033511C4 for <sbl-autonotify@spamhaus.org>; Fri, 22 Oct 2021 01:55:57 +0530 (IST)
From: Account Security <secure@accountsecurity.com>
Subject: Sign In Alert For sbl-autonotify@spamhaus.org
Date: 21 Oct 2021 15:24:43…
spam emitter @69.169.224.7
Received: from b224-7.smtp-out.eu-central-1.amazonses.com (69.169.224.7)
From: Johanna Jakobsson <johanna@behindthepostz.com>
Subject: Emelie förlåt, men du vill verkligen inte missa det här …
Date: Fri, 22 Oct 2021 06:3x:xx +0000
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to "listbomb" email addresses:
From: OGI Magazine <noreply@oginnovation.co.uk>
Subject: Oil & Gas Innovation Magazine Autumn 2021
Problem description
============================
Spammers signed up for the bulk email service using the victim's email address. As a result, the victim is being "listbombed" with transactional messages and bulk email…