Рубрика: microsoft.com

The host at this IP address is being (ab)used to «listbomb» email addresses: From: marcstromvig@outlook.com Subject: Mobile Apps — Service Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages and bulk email campaigns. Problem resolution ============================ In… Читать далее Abused / misconfigured newsletter service (listbombing)

Received: from pwbcdnvzvfgiedm.com (104.215.30.11 [104.215.30.11]) From: Male Enhancement <JPrqi.yeF8Kh3u12@2wPiUY1RIzb2C7.com> Subject: [] Curious About Male Enhancement? Try this Risk Free Date: Wed, 02 Dec 2020 02:54:42 +0000 https://3215166kqsnqsndkqjsdqks.fra1.digitaloceanspaces.com/321564684564sesdf%20sdiuidf%20sidufisdf%20sidfuisdf%20isdbfis%20dfisdufsdf%20sdfsdf.htm

The host at this IP address is being (ab)used to «listbomb» email addresses: From: dineshdjfij@outlook.com Subject: Re: Mobile Apps Development Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages and bulk email campaigns. Problem resolution ============================ In… Читать далее Abused / misconfigured newsletter service (listbombing)

The host at this IP address is being (ab)used to «listbomb» email addresses: From: mariavickers76@outlook.com Subject: Re: follow up.!! Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages and bulk email campaigns. Problem resolution ============================ In order… Читать далее Abused / misconfigured newsletter service (listbombing)

The host at this IP address (13.107.42.12) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware: https://mxpiqw.am.files.1drv.com/y4mDtg18tb7DDYTw-BP_WtV3wbPvPjW0256lBBVyMyuebLHkGZ0YlMvqMu765wzll9WMQtk4JSFiryJPIPYuVwmFtHwJojEPaX_Kgavqfg7Wqah59QJt6TuiziVma5hqjn2gfbONlH3PBOjwxvkV7NaTWqHG3Ko36pX_GjM_UajFjeeW2tqlUWPkQVOWmOAb5V0VrDLA3dwat0bVxfjxmm0TQ https://8poieq.bn.files.1drv.com/y4mYX5Gh0SPFi1GwMJW9RgGSxe_0RqzXlS8M94mkoEzzpM_Dh0ias0V4J1H8CLvxVszGicNAktAULrswFVHoExZjo_q8K1qQL-hORgdUBAaZHJOfZlFC_l6dbUrySJO5y_FDmM6L_2roJd-NEJBDsegV47dm4hO44J7uB3ha__jLINUjg03iTEy2oxN_py2yhctWtoPs2B-GwWh8mnFtYXzzA AS number: AS8068 AS name: MICROSOFT-CORP-MSN-AS-BLOCK Hostname: 1drv.ms

Received: from miekofishing.se (52.232.82.193) From: Portable Oxygen Depot<support@mail.pendaramyamya.com> Subject: Portable Oxygen Concentrators for as low as $45/Month Date: Wed, 16 Dec 2020 20:0x:xx +0000 URL: http://ajvcbxk.khesnadollarplzzzzz.com/[] Server IP address is 96.126.72.25 => Location: http://exactarget.me/exactarget/controller.php?p=96.126.72.25&c=[]&e=[]&m=519 Server IP address is 79.143.180.127 => Location: http://79.143.180.127/s.php?l=[]&off=103 Server IP address is 79.143.180.127

The final payload for the DHL phishing spams in SBL506061-065 is on 104.46.225.133. $ host tracking-dhi.company tracking-dhi.company has address 104.46.225.133 # whois.wildwestdomains.com Domain Name: tracking-dhi.company Registry Domain ID: 17b8c346b78f4c9ea5aa26e206cb394d-DONUTS Registrar WHOIS Server: whois.wildwestdomains.com Registrar URL: http://www.wildwestdomains.com Updated Date: 2020-12-20T21:17:32Z Creation Date: 2020-12-20T21:17:31Z Registrar Registration Expiration Date: 2021-12-20T21:17:31Z Registrar: Wild West Domains, LLC Registrar IANA ID:… Читать далее Phishing payload against DHL

The host at this IP address is emitting spam emails. Spam sample ========================================= From: raniwilfredqss@outlook.com Subject: RE: Design your website =========================================

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 52.146.42.226 on port 5600 TCP: $ telnet 52.146.42.226 5600 Trying 52.146.42.226… Connected to 52.146.42.226. Escape character… Читать далее AveMariaRAT botnet controller @52.146.42.226

The host at this IP address is being (ab)used to «listbomb» email addresses: From: info@tropicalcentre.com Subject: Happy holidays! Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages and bulk email campaigns. Problem resolution ============================ In order to… Читать далее Abused / misconfigured newsletter service (listbombing)