Рубрика: amazon.com

The host at this IP address is being (ab)used to «listbomb» email addresses: From: シックス・アパート株式会社 <no-reply@sixapart.com> Subject: MT 7 r.5003 / 6.8.3 / Premium 1.47 の提供を開始（セキュリティアップデート）【Movable Type News Letter 2021年10月号】 Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with… Читать далее Abused / misconfigured newsletter service (listbombing)

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 3.121.139.82 on port 19858 TCP: $ telnet 3.121.139.82 19858 Trying 3.121.139.82… Connected to 3.121.139.82. Escape character… Читать далее AsyncRAT botnet controller @3.121.139.82

Received: from mhkg.mta3.appspot.com (20.185.239.150) From: Facebook <[]@facebook.com> Subject: Tell us about your experience with Facebook being down and get $90 promo reward Date: Mon, 18 Oct 2021 18:11:41 +0200 https://dinoperks.page.link/rK6c 74.125.192.101 https://binocularsti.com/[] 165.227.177.110 https://distinctpedestrian.com/?s1=[]&s2=[]&s3=3410&s4=1638&ow=&s10=862 172.67.200.31 https://konicpirg.com/[] 172.67.187.213 https://waveyup.com/click?s2=[]&s1=[]&s3=3410&trvid=10496&s4=1638&ow=8 34.234.154.208 https://icelnkr.com/?a=310&c=457&s2=p[ 3.222.214.90 https://www.getzbuds.com/jtn3/?tracking1=XCI1S&tracking2=&tracking3=[]&tracking4=[] 104.21.54.210

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 18.118.173.193 on port 333 TCP: $ telnet 18.118.173.193 333 Trying 18.118.173.193… Connected to 18.118.173.193. Escape character… Читать далее Xtrat botnet controller @18.118.173.193

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 3.36.121.136 on port 4782 TCP: $ telnet 3.36.121.136 4782 Trying 3.36.121.136… Connected to 3.36.121.136. Escape character… Читать далее QuasarRAT botnet controller @3.36.121.136

onlinearoisecurityupdated.com has address 35.155.30.240 validate-myitem.com has address 35.155.30.240 myitem-fee.delivery has address 35.155.30.240 presidentialrelief.work has address 35.155.30.240 myitem-attemptfee.com has address 35.155.30.240 portal-logonactivity.com has address 35.155.30.240

Received: from s22020.in.dimiwuh.eu (212.236.220.20) From: Era Finans på vegne av Travelwop <info@in.dimiwuh.eu> Subject: Refinansiering av smålån og kredittkort Date: Fri, 15 Oct 2021 06:3x:xx +0000 http://in.dimiwuh.eu/r?up=[] 188.95.249.200 http://rls.go2cloud.org/aff_c?offer_id=108&aff_id=1&url_id=230&aff_sub2=1294&aff_sub3=[]&aff_sub4=[] 34.198.147.111 https://erafinans.no/?campaign=830&clickid=[]&affid=123456 159.65.196.24

The Swedish entities @verko.se / @maskinkontakt.se are mailing out of 23.251.240.5[0-9]. The addresses they are targeting and their message contents suggest that they may be using purchased B2B email address lists for this purpose.

Received: from a48-103.smtp-out.amazonses.com (54.240.48.103) From: Anna Axelsson <anna@topwiss.com> Subject: Rop till gårdagens högsta inkomsttagare! Date: Wed, 13 Oct 2021 16:0x:xx +0000

01auth-wfsource.co has address 3.142.151.26 auth-chasesource.org has address 3.142.151.26