The host at this IP address (104.43.140.101) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware: https://technologydistilled.com/a-nurse-ss8d9/z/ AS number: AS8075 AS name: MICROSOFT-CORP-MSN-AS-BLOCK
Рубрика: microsoft.com
Malware distribution @52.173.77.140
The host at this IP address (52.173.77.140) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware: http://catchpoolshetlands.co.uk/border-design-fjk/8fGEiO7xg7WfdRWDoQ/ http://catchpoolshetlands.co.uk/border-design-fjk/ohTJ/ https://catchpoolshetlands.co.uk/border-design-fjk/ohTJ/ AS number: AS8075 AS name: MICROSOFT-CORP-MSN-AS-BLOCK
Malware distribution @20.79.41.2
The host at this IP address (20.79.41.2) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware: http://20.79.41.2/bins/Ares.arm4 http://20.79.41.2/bins/Ares.arm5 http://20.79.41.2/bins/Ares.arm http://20.79.41.2/bins/Ares.sh4 http://20.79.41.2/bins/Ares.ppc http://20.79.41.2/bins/Ares.arm7 http://20.79.41.2/bins/Ares.m68k http://20.79.41.2/bins/Ares.mpsl http://20.79.41.2/bins/Ares.x86 http://20.79.41.2/bins/Ares.arm6 http://20.79.41.2/bins/Ares.mips AS number: AS8075 AS name: MICROSOFT-CORP-MSN-AS-BLOCK
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to «listbomb» email addresses: From: esoexperthtml56@outlook.com Subject: Magento Templates Design & Customizations Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages and bulk email campaigns. Problem resolution ============================… Читать далее Abused / misconfigured newsletter service (listbombing)
Spam source @40.92.255.41
The host at this IP address is emitting spam emails. Spam sample ========================================= From: dayana44dyer@hotmail.com Subject: Fd: Website Redesign & Re DnD =========================================
phishing server
hXXp://junkrunnersarsenal.cf/chase.login.com.en-us.noredirect-true.destpage-dashboard-inav-menu-myacct-acctsum/ junkrunnersarsenal.cf pakgeographics.org stat-ivory.tk ivory-stats.tk freebtcsatoshi.tk kiwancorp-services2.tk ivory-csgo.tk sandcgiftideas.tk artzilly.tk ruisilva.ml frizerstvomacho.tk adultdatinghome.tk appslogin.ml gladyseslater.cf carlandstaceyposters.cf carlandstaceyposters.ga carlandstaceyposters.gq carlandstaceyposters.ml nkn-learning.tk
Spam source @40.92.253.39
The host at this IP address is emitting spam emails. Spam sample ========================================= From: shariqwebsolutionservice@hotmail.com Subject: 1st page of Google =========================================
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to «listbomb» email addresses: From: jasminaemcgrath@hotmail.com Subject: Re-web-Designer/Developer Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages and bulk email campaigns. Problem resolution ============================ In order to resolve… Читать далее Abused / misconfigured newsletter service (listbombing)
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to «listbomb» email addresses: From: simonhowardea@outlook.com Subject: Re: gentle reminder Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages and bulk email campaigns. Problem resolution ============================ In order… Читать далее Abused / misconfigured newsletter service (listbombing)
DNS nameserver for phish and abuse
20.72.208.97 is currently in use as a nameserver for phish and abuse domains. This enables the resolving of spammed domains to the actual websites. This SBL record can only be removed if 20.72.208.97 stops answering DNS queries for spamvertized domain names. 2 Nameservers seen on 20.72.208.97: NS2.PE-APS.COM — asialloyds.com — com-portal.net — lieusim.com — sdfsdfsdfsqweqweqweqwe.com… Читать далее DNS nameserver for phish and abuse