Рубрика: fastvps.ee

Received: from se8d23ff5.fastvps-server.com (HELO se8d23ff5.fastvps-server.com) (5.101.181.151) Date: Sun, 16 Jan 2022 From: «Mazin Hussein»<info@emiliaceramica.com> Subject: Can you supply your Products

srv.domainmu.net. 86400 IN A 5.45.123.208 domainmu.net. 172799 IN NS ns1.domainmu.net. domainmu.net. 172799 IN NS ns2.domainmu.net. ns1.domainmu.net. 172799 IN A 5.45.123.208 ns2.domainmu.net. 172799 IN A 5.45.123.208 ===================================================================================== Return-Path: <info@domainmu.net> Received: from host.domainmu.net (HELO srv.domainmu.net) (5.45.123.208) by x (x) with (AES128-SHA encrypted) ESMTPS; Tue, 11 Jan 2022 xx:xx:xx +0000 Received: from [127.0.0.1] DKIM-Filter: OpenDKIM Filter v2.11.0 srv.domainmu.net… Читать далее domain scam source

The host at this IP address is hosting a website that have been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website: URL: http://restoran-energy.ru/wp-content/uploads/2020/12/JST10x.php Host: restoran-energy.ru IP address: 5.101.180.182 Hostname: s7277bff9.fastvps-server.com

The host at this IP address is hosting a website that have been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website: URL: http://shop.shriyantra.ru/wp-content/plugins/js_composer/config/JST10x.php Host: shop.shriyantra.ru IP address: 185.4.74.148 Hostname: sb9044a94.fastvps-server.com

The host at this IP address is hosting a website that have been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website: URL: http://victory-spb.ru/wp-content/plugins/google-sitemap-generator/img/JST10x.php Host: victory-spb.ru IP address: 5.101.180.182 Hostname: s7277bff9.fastvps-server.com

Received: from s7277bff9.fastvps-server.com (5.101.180.182) Subject: USPostalService notification No.57441 Date: Mon, 13 Sep 2021 05:5x:xx -0600 (CST) From: USPS <gnirebba1997@s7277bff9.fastvps-server.com> http://pianobanan.com/wp-content/pansynx.php => http://goodrxstore.su/ pianobanan.com. 3600 IN A 171.22.26.128 goodrxstore.su. 600 IN A 185.182.105.220

The host at this IP address is currently being used to distribute malware. Malware distribution located here: hXXp://readinglistforaugust9.club/raccon.exe $ dig +short readinglistforaugust9.club 5.45.124.211 $ nslookup 5.45.124.211 sa8461b72.fastvps-server.com Referencing malware binaries (MD5 hash): 01525ed7bcb76477e0a2c97c0abe41a7 — AV detection: 26 / 67 (38.81) 07b53c78a2e3f9133fbce0d1ee7c6376 — AV detection: 21 / 65 (32.31) 81fe60bb08d5b11117d89e774c631fa1 — AV detection: 23 / 69… Читать далее Malware distribution @5.45.124.211