Google Groups Spam Groups (ChristianMediaDaily)
4/01/2019: Spamming again, through mostly the same groups. Google Abuse does not appear to have acted against this spam operation at all.
Received: from mail-oi1-f189.google.com (mail-oi1-f189.google.com [209.85.167.189])
Sender: dispatchesfromheaven10@googlegroups.com
Date: Mon, 1 Apr 2019 08:##:## -0700 (PDT)
From: spiritualisrael4@gmail.com
Subject: [Christian Media] ChristianMediaDaily News — The Week In Review — 04/01/2019
[Content as below]
3/25/2019:…
Category: google.com
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to "listbomb" email addresses:
From: jeannine@dailyplanetltd.com
Subject: April Shirt of the Month
Problem description
============================
Spammers signed up for the bulk email service using the victim's email address. As a result, the victim is being "listbombed" with transactional messages and bulk email campaigns.
Problem resolution
============================…
Spammer hosting @172.217.168.16
Spammer hosting located here:
$ dig +short www.migros.com-giftme.com
c.storage.googleapis.com.
storage.l.googleusercontent.com.
172.217.168.16
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to "listbomb" email addresses:
From: jeannine@dailyplanetltd.com
Subject: May Shirts of the Month
Problem description
============================
Spammers signed up for the bulk email service using the victim's email address. As a result, the victim is being "listbombed" with transactional messages and bulk email campaigns.
Problem resolution
============================…
Malware distribution @172.217.17.144
The host at this IP address (172.217.17.144) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware:
https://storage.googleapis.com/ultramaker/06/v.txt
https://storage.googleapis.com/ultramaker/06/vv.txt
https://storage.googleapis.com/ultramaker/07/v.txt
https://storage.googleapis.com/ultramaker/07/vv.txt
https://storage.googleapis.com/ultramaker/08/v.txt
https://storage.googleapis.com/ultramaker/08/vv.txt
AS number: AS15169
AS name: GOOGLE — Google LLC
Hostname: ams15s30-in-f144.1e100.net
Malware distribution @35.189.74.201
The host at this IP address (35.189.74.201) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware:
https://instrukcja-ppoz.pl/wordpress/bkrp50n6ykdygn3s_kqboj-845329891893/
https://instrukcja-ppoz.pl/wordpress/Scan/uZolOcYDvVxeBfUFpHBlIogckNCiE/
AS number: AS15169
AS name: GOOGLE — Google LLC
Hostname: 201.74.189.35.bc.googleusercontent.com
Spam source @209.85.210.194
Spam source
====================================================================
Received: from mail-pf1-f194.google.com (HELO mail-pf1-f194.google.com) (209.85.210.194) by X (qpsmtpd/0.80) with (AES128-SHA encrypted) ESMTPS; Tue, 11 Jun 2019 X
Received: by mail-pf1-f194.google.com with SMTP id X for <X>; Tue, 11 Jun 2019 X
DKIM-Signature: X
X-Google-DKIM-Signature: X
X-Gm-Message-State: X
X-Google-Smtp-Source: X
X-Received: by 2002:a63:e317:: with SMTP id X; Tue, 11 Jun 2019 05:17:15…
RetroCubes
This IP address is originating spam for ROKSO spammer RetroCubes, and sending that spam through an IP address at OVH. Google: Please shut down this customer account.
Received: from <x>.updateyourjoomla.com (ip216.ip-144-217-217.net [144.217.217.216])
Received: from 76.53.239.35.bc.googleusercontent.com ([35.239.53.76]:64606)
Date: Tue, 11 Jun 2019 15:##:## +0000
From: "Ruby Logo" <sales@rubylogo.com>
Subject: <x> Custom Logo <x>
<snip>
Logo Ruby…
Spammer hosting @172.217.168.19
Spammer hosting located here:
http://www.lmpartureinformationarchitechture.com/course/online-training/google-analytics-online/?utm_source=Cognism&utm_medium=Email&utm_campaign=OL_Google_Analytics
$ dig +short www.lmpartureinformationarchitechture.com
ghs.googlehosted.com.
172.217.168.19
Spam sample
====================================================================
Received: from NAM01-BN3-obe.outbound.protection.outlook.com (mail-eopbgr740050.outbound.protection.outlook.com [40.107.74.50]) by X (Postfix) with ESMTPS id X for <X>; Wed, 12 Jun 2019 XX:XX:XX +0000 (UTC)
DKIM-Signature: X
Received: from BYAPR14MB2646.namprd14.prod.outlook.com (20.178.55.23) by BYAPR14MB3253.namprd14.prod.outlook.com (20.178.196.94) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id X; Wed, 12 Jun…
Malware distribution @172.217.17.110
The host at this IP address (172.217.17.110) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware: …