The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 40.127.139.164 on port 61483 TCP:
$ telnet 40.127.139.164 61483
Trying 40.127.139.164...
Connected to 40.127.139.164.
Escape character…
Read more: Vjw0rm botnet controller @40.127.139.164
Category: microsoft.com
Vjw0rm botnet controller @138.91.49.153
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 138.91.49.153 on port 51118 TCP:
$ telnet 138.91.49.153 51118
Trying 138.91.49.153...
Connected to 138.91.49.153.
Escape character…
Read more: Vjw0rm botnet controller @138.91.49.153
Spamming pills
Received: from vdds-34.uaenorth.cloudapp.azure.com (HELO glo2.maxtel.dk) (20.74.133.138) by xx; Sun, 04 Apr 2021 10:22:51 +0000
From: |Mal|e| |Break|through| <GhcoJ@maxtel.dk>
To: xx
Reply-To: reply_to@201888-1381.maxtel.dk
Message-ID: <xx@maxtel.dk>
Subject: Your Savage order is pending — Please Confirm
MIME-Version: 1.0
Content-Type: text/html; charset="UTF-8"
Date: Sun, 04 Apr 2021 12:22:46 +0200
To protect your privacy, remote images are blocked in this…
Read more: Spamming pills
spam emitter @40.126.247.88
Received: from goldenfast.net (103.102.153.161) by VE1EUR01FT006.mail.protection.outlook.com (10.152.2.127) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3999.28 via Frontend Transport; Sun, 4 Apr 2021 21:0x:xx +0000
Received: from [40.126.247.88] (port=60493 helo=testedr-win10-1.lzyboevaxt1utnp0vrr2izwglg.px.internal.cloudapp.net) by 103-102-153-161.cprapid.com with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.94) (envelope-from <admin-etalase@etalase.web.id>) id [] for []; Mon, 05 Apr 2021 02:3x:xx +0530
From: CARL STEFAN ERLING PERSSON<admin@ctsmgroup.com>…
Read more: spam emitter @40.126.247.88
spam emitter @52.152.162.172
Received: from TestSMTPScript (52.152.162.172 [52.152.162.172]) by [] with SMTP id []; Mon, 5 Apr 2021 13:2x:xx -0700 (PDT)
Received: from User ([154.118.0.201]) by TestSMTPScript with Microsoft SMTPSVC(10.0.14393.4169); Mon, 5 Apr 2021 20:2x:xx +0000
Return-Path: <accdeptfedminagricn1@gmail.com>
Reply-To: <dr_kennobiorah6@yahoo.com>
From: "Dr.Ken Obiorah"<accdeptfedminagricn1@gmail.com>
Subject: Business Proposal…….!!!!..52.152
Date: Mon, 5 Apr 2021 21:2x:xx +0100
Dear Good Friend I am…
Read more: spam emitter @52.152.162.172
Vjw0rm botnet controller @137.116.241.69
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 137.116.241.69 on port 5033 TCP:
$ telnet 137.116.241.69 5033
Trying 137.116.241.69...
Connected to 137.116.241.69.
Escape character…
Read more: Vjw0rm botnet controller @137.116.241.69
Spam source @104.47.109.145
The host at this IP address is emitting spam emails.
Spam sample
=========================================
From: aditya.digitalmarketingservices@outlook.com
Subject: Re: RE..New Website
=========================================
Spam source @40.92.74.24
The host at this IP address is emitting spam emails.
Spam sample
=========================================
From: amitkumarsingh456@outlook.com
Subject: RE: Follow-up
=========================================
Dirty range: Hosting phishing and carder DNS servers
fe-shop18.ru. 3599 IN NS ns2.pe-sipodemos.com.
fe-shop18.ru. 3599 IN NS ns1.pe-sipodemos.com.
ns1.pe-sipodemos.com. 299 IN A 40.67.244.144
ns2.pe-sipodemos.com. 299 IN A 20.72.208.97
40.67.244.144 ns1.pe-aps.com 2021-04-10 07:01:38
40.67.244.144 ns1.pe-sipodemos.com 2021-04-09 22:05:03
20.72.208.97 ns2.pe-aps.com 2021-04-10 07:01:38
20.72.208.97 ns2.pe-sipodemos.com 2021-04-10 06:55:14
Phishing and carder DNS domains:
@ns_.pe-aps.com asialloyds.com com-portal.net lieusim.com sdfsdfsdfsqweqweqweqwe.com sudohackers.com
@ns_.pe-sipodemos.com 1823sc0t6a-28stup934.com 1s1c01t1a1-7acc771.com 1sc0ti1a171-7a1cc7.com 2021scot1a187.com 4sc0ta729462349-2374.com 4sc7ta7-ac09ia.com 58345-7sc0ta9up1nf0.com…
Read more: Dirty range: Hosting phishing and carder DNS servers
Spammer hosting @52.186.31.137
Spammer hosting located here:
https://clt1324614.bmetrack.com/c/l?u=X
-> http://arenabab.space/app/wrap/X
—> https://www.lightutil.com/6NP2CC7/QTXT8SN/?creative_id=X
—> https://www.storiespedia.com/nachrichten-sys/?sub1=X
—-> https://www.vbpol29.com/QFXQ25Q/5WGFT4/?sub1=X
——> https://ss852cctrkflw.com/transaction/click/X
——> https://btclangsapp.com/index.php?id=X
$ dig +short www.lightutil.com
52.186.31.137
Spam sample
==================================
Received: from vulkanpartner.com (static.169.65.47.78.clients.your-server.de [78.47.65.169]) by X (Postfix) with ESMTP id X for <X>; Sat, 10 Apr 2021 X
To: X
Received: by 2002:a05:6520:458c:b029:ef:27d6:f980 with SMTP id X; Sat, 10…
Read more: Spammer hosting @52.186.31.137