Рубрика: oracle.com

This IP address is sending spam for a prolific list seller that uses the names BOOM OF SALES, BOOM DE VENDA, SUPER LIST, and «Corbett Software», among others. Both the volumes of spam and the lists for sale are unacceptable to Spamhaus. Received: from mail.expinn.info (unknown [150.136.171.0]) Date: Sun, 13 Mar 2022 04:##:## -0700 From:… Читать далее Spam Emitter (BOOM OF SALES) (Corbett Software)

129.158.206.234|online-secure0-web-boa.com|2022-03-21 20:37:09

129.146.43.114|online-01-web.com|2022-03-10 22:01:55 129.146.43.114|online-secure01b-wells-secure.com|2022-03-10 20:02:42

155.248.250.102|ch4se-support.com|2022-03-03 18:37:24 155.248.250.102|cha5e-support.com|2022-03-05 14:36:24 155.248.250.102|chase07a.com|2022-03-02 13:43:38 155.248.250.102|chaseissue.com|2022-03-01 15:16:52 155.248.250.102|chaseisuue.com|2022-03-01 15:41:47 155.248.250.102|chaseo7b.com|2022-03-03 19:57:51 155.248.250.102|chasesuports.com|2022-03-01 15:42:08 155.248.250.102|chaze-issue.com|2022-03-04 08:13:35 155.248.250.102|chzlogin.com|2022-03-05 20:31:03 155.248.250.102|report-chase.com|2022-03-01 18:02:16 155.248.250.102|se4urechase.com|2022-03-04 08:19:09 155.248.250.102|secureyourchase.com|2022-03-05 19:31:03 155.248.250.102|wells-check.com|2022-03-04 16:23:36

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 129.151.83.165 on port 7177 TCP: $ telnet 129.151.83.165 7177 Trying 129.151.83.165… Connected to 129.151.83.165. Escape character… Читать далее AsyncRAT botnet controller @129.151.83.165

using fake «Short URL» domains to SMS phish 130.162.39.185|authly-infob2.com|2022-01-19 20:07:09 130.162.39.185|bverify-2info.com|2022-01-19 14:13:29 130.162.39.185|clean-verify2host.com|2022-01-18 18:07:30 130.162.39.185|hostb2-verifyuser.com|2022-01-18 19:07:25 130.162.39.185|security-serverb2.com|2022-01-18 01:12:51 130.162.39.185|securlyb2-info.com|2022-01-19 18:12:02 130.162.39.185|userb02-authen9.com|2022-01-19 17:27:49 130.162.39.185|verifyb2-server09.com|2022-01-18 18:12:16 130.162.39.185|web-hostverify.com|2022-01-17 18:17:13

150.136.54.63|04reusps.com|2022-01-05 23:51:38

129.146.122.66|amazon-availablesignin.ga|2022-01-02 15:09:16 129.146.122.66|amazon-signin.ga|2022-01-01 15:36:25 129.146.122.66|connect-signin.ga|2022-01-01 08:51:15 129.146.122.66|connectivate-siginin.ga|2021-12-31 10:26:11 129.146.122.66|help-chase.ml|2022-01-02 15:03:49 129.146.122.66|online-citi.ga|2022-01-03 15:17:48 129.146.122.66|online-citi.ml|2022-01-03 15:08:08 129.146.122.66|online-citibank.ga|2022-01-03 13:01:44 129.146.122.66|online-citibank.ml|2022-01-03 14:02:28 129.146.122.66|package-tracking.gq|2021-12-31 11:36:28 129.146.122.66|package-usps.ga|2021-12-31 14:56:15 129.146.122.66|secur07c-chase.ga|2021-12-31 14:36:07

securewellsdashboar.servehttp.com has address 155.248.196.59

140.238.126.215|help-navyfederal.ml|2021-12-30 00:46:11 140.238.126.215|navyfederal-help.ml|2021-12-30 04:40:54 140.238.126.215|tracking-postl.ga|2021-12-29 23:06:25 140.238.126.215|tracking-uspspostals.ga|2021-12-29 13:32:00 140.238.126.215|usps-trackingpostl.gq|2021-12-29 13:56:27