Emotet malware distribution @13.94.135.183 [compromise website]

The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website:

URL: http://o7therapy.com/wp-content/plugins/all-in-one-wp-migration/storage/JST10x.php
Host: o7therapy.com
IP address: 13.94.135.183
Hostname: n/a

Posted
Filed under microsoft.com

Emotet malware distribution @52.172.204.196 [compromise website]

The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website:

URL: http://solicon.us/rjfkebztlo.php
Host: solicon.us
IP address: 52.172.204.196
Hostname: n/a

Posted
Filed under microsoft.com

Emotet malware distribution @168.63.73.207 [compromise website]

The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website:

URL: http://saintmaron.org/wp-content/plugins/classic-editor/js/JST10x.php
Host: saintmaron.org
IP address: 168.63.73.207
Hostname: n/a

Posted
Filed under microsoft.com

Emotet malware distribution @52.172.219.121 [compromise website]

The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website:

URL: http://solicwebaps.azurewebsites.net/dbtayzipqcvrw.php
Host: solicwebaps.azurewebsites.net
IP address: 52.172.219.121
Hostname: n/a

Posted
Filed under microsoft.com

CyberGate botnet controller @191.237.249.247

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 191.237.249.247 on port 1996 TCP:

$ telnet 191.237.249.247 1996
Trying 191.237.249.247…
Connected to 191.237.249.247.
Escape character…

Read more: CyberGate botnet controller @191.237.249.247

Posted
Filed under microsoft.com

Spam source @40.92.255.68

The host at this IP address is emitting spam emails.

Spam sample
=========================================
From: ceo_mobileapps@outlook.com
Subject: Re: Share your Mobile App Need ?
=========================================

Posted
Filed under microsoft.com

Malware distribution @52.172.211.121

The host at this IP address (52.172.211.121) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware:

http://livetrack.in/EmployeeMasterImages/qace.jpg

AS number: AS8075
AS name: MICROSOFT-CORP-MSN-AS-BLOCK

Posted
Filed under microsoft.com

Abused / misconfigured newsletter service (listbombing)

The host at this IP address is being (ab)used to "listbomb" email addresses:

From: richalwhyne@hotmail.com
Subject: Follow Up: Site Re_Designer.

Problem description
============================
Spammers signed up for the bulk email service using the victim's email address. As a result, the victim is being "listbombed" with transactional messages and bulk email campaigns.

Problem resolution
============================
In…

Read more: Abused / misconfigured newsletter service (listbombing)

Posted
Filed under microsoft.com

Malware distribution @52.163.122.115

The host at this IP address (52.163.122.115) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware.

AS number: AS8075
AS name: MICROSOFT-CORP-MSN-AS-BLOCK

Posted
Filed under microsoft.com

Malware distribution @23.96.103.159

The host at this IP address (23.96.103.159) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware:

https://help.hizuko.com/groovy-count/FILE/pkiadn813d-00034986/
https://help.hizuko.com/groovy-count/47HLm/INC/238785/9ymyqfn7z0y-165424/
https://help.hizuko.com/groovy-count/oct/0xmvft0c9nff/

AS number: AS8075
AS name: MICROSOFT-CORP-MSN-AS-BLOCK

Posted
Filed under microsoft.com