Рубрика: hetzner.de

Server emitting phish spam to steal access credentials, probably thanks to a compromised password. Problem started around Thu, 28 Oct 2021 23:30 UTC, still going on on Sun, 31 Oct 2021. The compromised machine appears to be 192.241.214.14, but the spam is delivered through 138.201.176.89. mx1.librem.one. 300 IN A 138.201.176.94 (source is .89) smtp.librem.one. 300… Читать далее phish source at librem.one

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 65.108.14.118 on port 15253 TCP: $ telnet 65.108.14.118 15253 Trying 65.108.14.118… Connected to 65.108.14.118. Escape character… Читать далее RedLineStealer botnet controller @65.108.14.118

Return-Path: <gopkalo.e@shf.com.ua> Received: from mail.your-server.de (mail.shf.com.ua [78.46.116.140]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by x (Postfix) with ESMTPS id x for <x>; Wed, 27 Oct 2021 ##:##:## +0300 (EEST) Authentication-Results: x; dkim=permerror reason=»verification error: key DNS reply corrupt» header.d=shf.com.ua header.i=@shf.com.ua header.b=db8gDY0u; dkim-adsp=fail DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=shf.com.ua; s=mail1; h=Content-Transfer-Encoding:MIME-Version:Content-Type:Reply-to:… Читать далее Advance fee fraud origination @ 78.46.116.140

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. GCleaner botnet controller located at 65.21.114.241 on port 80 (using HTTP GET): hXXp://gcl-gb.biz/check.php $ telnet 65.21.114.241 443 Trying 65.21.114.241… Connected to 65.21.114.241. Escape character is ‘^]’ gcl-gb.biz.… Читать далее GCleaner botnet controller @65.21.114.241

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 65.21.114.239 on port 443: $ telnet 65.21.114.239 443 Trying 65.21.114.239… Connected to 65.21.114.239. Escape character is ‘^]’ moruhx04.top. 60 IN A 65.21.114.239

The host at this IP address is being (ab)used to «listbomb» email addresses: From: Reuse Hardwares <info2@reuse-hardwares.store> Subject: 25 x Hp Prbook 650 G2 15.6″ CORE I5 6300U —-> 185€ Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with… Читать далее Abused / misconfigured newsletter service (listbombing)

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 65.21.114.237 on port 443 TCP: $ telnet 65.21.114.237 443 Trying 65.21.114.237… Connected to 65.21.114.237. Escape character… Читать далее Malware botnet controller @65.21.114.237

Return-Path: <master@adg.ma> Received: from hokageweb.nindohost.net (hokageweb.nindohost.net [138.201.14.18]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by x (Postfix) with ESMTPS id x for <x>; Tue, 19 Oct 2021 ##:##:## +0300 (EEST) Authentication-Results: x; dkim=pass reason=»2048-bit key» header.d=adg.ma header.i=@adg.ma header.b=GJrvjpat; dkim-adsp=pass DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=adg.ma; s=default; h=Content-Type:MIME-Version:Sender:To:Message-Id:Subject:Date:From :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive;… Читать далее Phishing origination against Nordea Bank (Nordics)

Received: from spruce-goose-ar.twitter.com (144.76.18.189) From: Svart Hvitløk <> Subject: Svart Hvitløk For styrket immunforsvar og bedre helse Date: Sat, 16 Oct 2021 19:3x:xx +0000

Received: from static.169.41.108.65.clients.your-server.de ([65.108.41.169] helo=loghanfrelght.com) From: «Jude» <jude@loghanfrelght.com> Date: 13 Oct 2021 15:3x:xx +0200 Subject:PO 38723