New spam vector from Google: "Google Form" / mgrayz5729@gmail.com / walbetty09@gmail.com
Received: from mail-vs1-f72.google.com (HELO mail-vs1-f72.google.com) (209.85.217.72) by xx; Thu, 19 Nov 2020 20:44:57 +0000 Received: by mail-vs1-f72.google.com with SMTP id xx; Thu, 19 Nov 2020 12:44:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=xx; h=mime-version:reply-to:message-id:date:subject:from:to; bhxx X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=xx; h=x-gm-message-state:mime-version:reply-to:message-id:date:subject :from:to; bh=xx X-Gm-Message-State: xx MIME-Version: 1.0 X-Received: by 2002:a67:fe98:: with SMTP id…
Category: google.com
Christian Media Network (forging subscriptions to multiple lists)
Christian Media Network, a religious and political advocacy group that spams through Google Groups, is active again after a period of relative quiet. This organization has been spamming through Google Groups for at least two years, since we first noticed them. The organization is now forging subscriptions to new Google Groups lists, apparently from previous…
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to "listbomb" email addresses: From: anya@rankexperience.com Subject: SEO Dashboard can be placed on your website for free till the 24th of November Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being "listbombed"…
Spamming using Gmail: brp394sandeep@gmail.com
Spammer still active with the same sending address on 29-Jan-2021. ————————————————————- Received: from mail-yb1-f173.google.com (HELO mail-yb1-f173.google.com) (209.85.219.173) by xx; Tue, 24 Nov 2020 08:22:59 +0000 Received: by mail-yb1-f173.google.com with SMTP id xx.1 for <xx; Tue, 24 Nov 2020 00:22:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=xx; h=mime-version:from:date:message-id:subject:to:cc; bh=xx X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=xx;…
Spam source @209.85.219.44
Spam source ==================================================================== Received: from mail-qv1-f44.google.com (mail-qv1-f44.google.com [209.85.219.44]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (not verified)) by X (Postfix) with ESMTPS id X for <X>; Thu, 26 Nov 2020 X Received: by mail-qv1-f44.google.com with SMTP id ec16so652705qvb.0 for <X>; Thu, 26 Nov 2020 X DKIM-Signature: X X-Google-DKIM-Signature:…
DNS hosting for Russian carding fraud site/forum: cvvshop.lv
(aka carder.su / uniccshop.ru / pinkshop.name / carderpro.com / cardmafia.mn / ccbase.biz / cpro.su) ;; ANSWER SECTION: cvvshop.lv. 1799 IN NS ns-cloud-e2.googledomains.com. cvvshop.lv. 1799 IN NS ns-cloud-e4.googledomains.com. cvvshop.lv. 1799 IN NS ns-cloud-e3.googledomains.com. cvvshop.lv. 1799 IN NS ns-cloud-e1.googledomains.com. ;; ANSWER SECTION: cvvshop.lv. 179 IN A 151.106.2.144 cvvshop.lv. 179 IN A 185.250.240.244 cvvshop.lv. 179 IN A 84.16.234.220…
Porn spammers using sites.google.com to host site
https://hcmcou-my.sharepoint.com/:b:/g/personal/chau_tdd_oude_edu_vn/EbDc7VE740JHkCstHQmgApwBahR_kvReicRf_jlrhz38yA?e=4%3aiGnY9y&at=9 >>> https://sites.google.com/view/come2here-/ >>> https://www.google.com/url?q=https%3A%2F%2Fgo.cm-trk3.com%2Faff_c%3Foffer_id%3D3918%26aff_id%3D26108%26aff_sub5%3Djy20&sa=D&sntz=1&usg=AFQjCNH3wmxYFS7w8F7XyhsDY0agg5bQnw >>> https://go.cm-trk4.com/rd.html?go=https%3A%2F%2Fanamuel-careslie.com%2F617ed4ee-ed33-483a-b8e3-308d1e39164a%3Fcid%3D38_26108_3918_b0353eb65a0994b3b9edcb1d314818fe%26adwpl%3D26108%26source%3D sites.google.com. 271 IN A 172.217.5.78
Repeated spamming using sharepoint.com links to hide behind: flirtstate.com
Reports ignored. https://hceeduvn-my.sharepoint.com/personal/16k4071002_hce_edu_vn/_layouts/15/onedrive.aspx?id=%2Fpersonal%2F16k4071002%5Fhce%5Fedu%5Fvn%2FDocuments%2F1%2F%F0%9F%92%96%F0%9F%8D%83%F0%9F%8C%B5%F0%9F%A7%89%20Hey%20Sweet%5Fheart%20%F0%9F%92%96%F0%9F%8D%83%F0%9F%8C%B5%F0%9F%A7%89%2Eurl&parent=%2Fpersonal%2F16k4071002%5Fhce%5Fedu%5Fvn%2FDocuments%2F1&originalPath=aHR0cHM6Ly9oY2VlZHV2bi1teS5zaGFyZXBvaW50LmNvbS86dTovZy9wZXJzb25hbC8xNms0MDcxMDAyX2hjZV9lZHVfdm4vRVlGWnl4X3dySVpDa1Z2OXFxenFkVDBCTHgwRUxOaEZLM1ZsUmJTWmJFdjRoQT9ydGltZT1nOFJ5M0txVjJFZw >>> https://meet-me4.wixsite.com/safe >>> https://qvbbkx.shewantyou.com/c/da57dc555e50572d?s1=99216&s2=1183551&j1=1&j3=1 >>> https://www.flirtstate.com/landing2?cat=milf&pt1=x&pi=1818&pe=xx ;; ANSWER SECTION: www.flirtstate.com. 3599 IN CNAME flirtstate.com. flirtstate.com. 3599 IN A 34.72.137.22 2020-09-14 11:48:06 chatomagic.com A 34.72.137.22 2020-10-02 08:09:52 citysweeties.com A 34.72.137.22 2020-09-16 07:17:48 flirtstate.com A 34.72.137.22 2020-11-18 19:46:09 myflirtalert.com A 34.72.137.22
AgentTesla botnet controller @35.213.167.255
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 35.213.167.255 on port 587 TCP: From: info@tri2win.co.nz To: boy92454@gmail.com $ telnet 35.213.167.255 587 Trying 35.213.167.255… Connected…
Hacked server hosting PayPal phish site
https://compagnidiviaggio.net/logs/update-your-account-information/security-measure/log-in/ https://compagnidiviaggio.net/logs/update-your-account-information/security-measure/log-in/myaccount/home?access_key=TSancJKeFeSA16gS2eBw7DNYKvABFTPQtQWvNQffgbX05sJllo compagnidiviaggio.net. 14399 IN A 34.90.48.198