citizens-alertsusersms.com has address 137.184.123.222 secured-l0ginusersslauthreviewsverify.com has address 137.184.123.222 secured-l0ginauthusersslverifiedreviewed.com has address 137.184.123.222
Рубрика: digitalocean.com
WSHRAT botnet controller @147.182.241.104
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 147.182.241.104 on port 7121 TCP: $ telnet 147.182.241.104 7121 Trying 147.182.241.104… Connected to 147.182.241.104. Escape character… Читать далее WSHRAT botnet controller @147.182.241.104
Carding fraud site/forums: fe-acc18.ru (DNS)
ns1.fe-acc18.ru. 273 IN A 67.205.169.224 ns2.fe-acc18.ru. 273 IN A 206.189.103.131 ns3.fe-acc18.ru. 273 IN A 194.145.227.153 ___________________________ Was: ns1.fe-acc18.ru. 299 IN A 159.65.60.44 ns2.fe-acc18.ru. 299 IN A 206.189.37.24 ;; QUESTION SECTION: ;ns1.fe-acc18.ru. IN A ;; ANSWER SECTION: ns1.fe-acc18.ru. 300 IN A 159.65.60.44 ;; AUTHORITY SECTION: fe-acc18.ru. 300 IN NS ns1.fe-acc18.ru. fe-acc18.ru. 300 IN NS ns2.fe-acc18.ru. fe-acc18.ru.… Читать далее Carding fraud site/forums: fe-acc18.ru (DNS)
Carding fraud site/forums: fe-acc18.ru (DNS)
ns1.fe-acc18.ru. 273 IN A 67.205.169.224 ns2.fe-acc18.ru. 273 IN A 206.189.103.131 ns3.fe-acc18.ru. 273 IN A 194.145.227.153 ___________________________ Was: ns1.fe-acc18.ru. 299 IN A 159.65.60.44 ns2.fe-acc18.ru. 299 IN A 206.189.37.24 ;; QUESTION SECTION: ;ns1.fe-acc18.ru. IN A ;; ANSWER SECTION: ns1.fe-acc18.ru. 300 IN A 159.65.60.44 ;; AUTHORITY SECTION: fe-acc18.ru. 300 IN NS ns1.fe-acc18.ru. fe-acc18.ru. 300 IN NS ns2.fe-acc18.ru. fe-acc18.ru.… Читать далее Carding fraud site/forums: fe-acc18.ru (DNS)
Spamvertised website
Received: from gotogml.com (gotogml.com. [185.122.223.223]) From: 🔔Gemeentelijk Energie <[]@gotogml.com> Date: Fri, 08 Oct 2021 09:1x:xx +0000 Subject: Nieuw in uw gemeente: bespaar via het Gemeentelijke Energie Collectief http://crystals.com.de/rd/[] 64.227.77.166 https://laudypauty.com/[] 209.159.146.166 https://sendt.go2cloud.org/aff_c?offer_id=2893&aff_id=1482&aff_sub=472864&aff_sub2=[]&aff_sub3=31 18.202.12.61
phishing server
1netflix.club has address 159.65.89.216
Estonian corporate undertaker spam
Received: from adoring-rosalind.46-101-249-55.plesk.page (unknown [46.101.249.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by x (Postfix) with ESMTPS id x for <x>; Mon, 11 Oct 2021 ##:##:## +0100 (BST) Received: by adoring-rosalind.46-101-249-55.plesk.page (Postfix, from userid 10000) id x; Mon, 11 Oct 2021 ##:##:## +0000 (UTC) To: x Subject: Probleemsete ettevõtete eemaldamine X-PHP-Originating-Script:… Читать далее Estonian corporate undertaker spam
Phishing origination against LCL (banking and insurance group in France)
Received: from webmail.unisannio.it (unknown [147.182.219.67]) by x (Postfix) with ESMTPS id x for <x>; Mon, 11 Oct 2021 ##:##:## +0000 (UTC) Received: by webmail.unisannio.it (Postfix, from userid 33) id x; Mon, 11 Oct 2021 ##:##:## +0000 (UTC) To: x Subject: reconfirmer votre numéro mobile X-PHP-Originating-Script: 0:Mpriority.php Date: Mon, 11 Oct 2021 ##:##:## +0000 From: LCL… Читать далее Phishing origination against LCL (banking and insurance group in France)
Phishing origination against S-Pankki (Finnish banking group)
Received: from smtp.gowebbm.fun (smtp.gowebbm.fun [178.62.108.80]) … Authentication-Results: x; dkim=pass (2048-bit key; unprotected) header.d=gowebbm.fun header.i=@gowebbm.fun header.b=»JLCttXV6″; dkim-atps=neutral Subject: Verkkopankki Päivitys From: inf0@S-pankki.fi
Phishing origination against S-Pankki (Finnish banking group)
Received: from smtp.goodlifeweb.website (smtp.goodlifeweb.website [134.122.51.64]) … Authentication-Results: x; dkim=pass (2048-bit key; unprotected) header.d=goodlifeweb.website header.i=@goodlifeweb.website header.a=rsa-sha256 header.s=default header.b=scB771vF; dkim-atps=neutral Subject: Verkkopankki Päivitys From: inf0@S-pankki.fi