Received: from panneauxadhesif.fr (smtp.panneauxadhesif.fr [51.15.213.142]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by X (Postfix) with ESMTPS id X for <X>; Tue, 12 Apr 2022 X
Received: from panneauxadhesif.fr (panneauxadhesif.fr [127.0.0.1]) by panneauxadhesif.fr (8.14.7/8.14.7) with ESMTP id X for <X>; Tue, 12 Apr 2022 X
DKIM-Filter: OpenDKIM Filter v2.11.0…
Read more: Spam source @51.15.213.142
Category: iliad.fr
Spam source @163.172.187.110
Received: from enseignebachepascher.fr (smtp.enseignebachepascher.fr [163.172.187.110]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by X (Postfix) with ESMTPS id X for <rX>; Wed, 30 Mar 2022 X
Received: from enseignebachepascher.fr (enseignebachepascher.fr [127.0.0.1]) by enseignebachepascher.fr (8.14.7/8.14.7) with ESMTP id X for <X>; Wed, 30 Mar 2022 X
DKIM-Filter: OpenDKIM Filter v2.11.0…
spam emitter @163.172.182.27
Received: from battleaxtheater.com ([163.172.182.27])
From: Théo, Investment Manager <info@battleaxtheater.com>
Subject: Laat me weten wat je van dit investeringsplan vindt, []
Date: Tue, 22 Mar 2022 16:5x:xx +0000
spam emitter @51.159.190.80
Received: from rubenmadera.com ([51.159.190.80])
From: "Bendt, klanten manager" <info@rubenmadera.com>
Subject: U bent nu klaar om bij ons te investeren, []
Date: Tue, 22 Mar 2022 10:0x:xx +0000
Abused crypto currency mining pool
The host at this IP address is running a crypto currency mining pool that is currently being abused by cybercriminals for mining crypto currencies on malware infected computers. The following information should be sufficient for the identification and suspension of the abusive users:
{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"44W9eLcymm66Eie5AyD11jYW1DaJ4GTHzZEu1QELPGS3U9vKtWEyUCaCFwhn4af8zjeQ2MWeuLgCVDTjAjiGUbyYAtQBvC1","pass":"10k","agent":"XMRig/6.16.4 (Windows NT 10.0; Win64; x64) libuv/1.42.0 msvc/2019","algo":["cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/ccx","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/upx2","rx/0","rx/wow","rx/arq","rx/graft","rx/sfx","rx/keva","argon2/chukwa","argon2/chukwav2","argon2/ninja","astrobwt","ghostrider"]}}
Phish spam site @51.15.139.10
Received: from 172-245-244-121-host.colocrossing.com (172.245.244.121 [172.245.244.121])
From: International Card Services < noreply-icscards@online.nl >
Subject: Uw ongelezen bericht
Date: 17 Mar 2022 09:1x:xx +0100
URL: https://s.id/actueel400
Server IP address is 45.126.58.78
Location: https://pxlme.me/t_ZeiC4e
Server IP address is 51.15.139.10
Location: https://20297-3121.s1.webspace.re/
Server IP address is 45.88.108.231
Spamvertised website
2022-03-08 efmschool.com. 100 IN A 163.172.97.102
Received: from zimbra.tieline.com (185.105.116.202)
From: •𝐾𝑟𝑒𝑑𝑖𝑡t <[]>
Subject: 𝑅𝑒𝑓𝑖𝑛𝑎𝑛𝑠𝑖𝑒𝑟 𝑑𝑖𝑛 𝑔𝑗𝑒𝑙𝑑 𝑣𝑖𝑎 𝑈𝑛𝑜 𝐹𝑖𝑛𝑎𝑛𝑠 𝑜𝑔 𝑠𝑝𝑎𝑟 𝑝𝑒𝑛𝑔𝑒𝑟
Date: Wed, 2 Mar 2022 10:4x:xx -0500
https://bit.ly/3syK9Nh 67.199.248.10
http://efmschool.com/gS?MjIxMTc2MnRFNTcxNTQ3M0VwMGlZMFdoMndIcjE1MTA2OUhC 199.217.116.38
https://accerpunt.com/?a=4875&oc=14730&c=41260&m=3&s1=2211762&s2=21b-2211762-5715473-151069-0-04793 34.90.180.192
Phish spam site @51.15.139.10
Received: from default.reselling.services (45.82.121.242 [45.82.121.242])
From: International Card Services < service-international-klant@onsnet.nu >
Subject: Jaarlijkse veiligheidsvoorschrift
Date: 6 Mar 2022 07:4x:xx +0100
https://s.id/actueel200 => https://pxlme.me/ll8YJ-rL => https://ecstatic-galois.45-88-108-231.plesk.page/c63/
s.id. 529 IN A 45.126.58.78
pxlme.me. 248 IN A 51.15.139.10
ecstatic-galois.45-88-108-231.plesk.page. 3600 IN A 45.88.108.231
Malware botnet controller @51.15.239.39
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 51.15.239.39 on port 80 (using HTTP GET):
hXXp://51.15.239.39/getfile/getfile//getfile/getfile/getfile/getfile/getfile/getfile/getfile/getfile/getfile/getfile/getfile/getfile/getfile/getfile/getfile/getfile/getfile
$ nslookup 51.15.239.39
39-239-15-51.instances.scw.cloud
Referencing malware binaries (MD5 hash):
036882b0a9acf373e83d00d62ecea992 — AV detection: 21…