9/21/2021: The domain webinarninja.com is continuing to send spam, through both Mailchimp and Sendgrid. Please note the previous SBL listing, included beneath this one, for a track record.
Received: from o31.ck.m.convertkit.com (o31.ck.m.convertkit.com [149.72.157.114])
Date: Thu, 16 Sep 2021 12:15:44 +0000 (UTC)
From: Omar Zenhom <support@webinarninja.com>
Subject: We can’t charge this much anymore.
<snip>
*******************
Prices…
Category: google.com
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to "listbomb" email addresses:
From: ICYS ExCom <icecoreys@gmail.com>
Subject: Zoom Link — ICYS 9th Seminar September 23rd 07:00-08:00 UTC
Problem description
============================
Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being "listbombed" with transactional messages…
Spam source — list sales
Return-Path: <dbruke@leadsattributes.com>
Received: from mail-pf1-f195.google.com (mail-pf1-f195.google.com [209.85.210.195]) by [] (8.14.7/8.14.7) with ESMTP id [] (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=OK) for []; Fri, 24 Sep 2021 13:[]:[] -0400
Authentication-Results: []
Received: by mail-pf1-f195.google.com with SMTP id [] for []; Fri, 24 Sep 2021 10:[]:[] -0700 (PDT)
DKIM-Signature: []
X-Google-DKIM-Signature:[]
X-Gm-Message-State: []
X-Google-Smtp-Source: []
X-Received: by 2002:aa7:848c:0:b0:43f:cbf8:49af with…
phishing server
payypaisecureeaccounzxb.com has address 34.106.145.113
payypaisecureeaccounzxg.com has address 34.106.145.113
irs phishing server
hXXps://irs.gov.irs-september.com/?irsgov
$ host irs.gov.irs-september.com
irs.gov.irs-september.com has address 34.150.136.18
irs phishing server
hXXps://irs.gov.3rd-paymentreceive.com/?irsgov
$ host irs.gov.3rd-paymentreceive.com
irs.gov.3rd-paymentreceive.com has address 34.85.254.141
Malware botnet controller @35.194.62.150
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 35.194.62.150 on port 80 (using HTTP GET):
hXXp://35.194.62.150/loader.php
$ nslookup 35.194.62.150
150.62.194.35.bc.googleusercontent.com
Referencing malware binaries (MD5 hash):
a7d8a48297c4927fd6d9fa9bfd224871 — AV detection: 9…
njrat botnet controller @34.89.104.171
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 91.109.188.3 on port 5050 TCP:
$ telnet 34.89.104.171 5050
Trying 34.89.104.171…
Connected to 34.89.104.171.
Escape character…