The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 135.125.128.108 on port 443: $ telnet 135.125.128.108 443 Trying 135.125.128.108... Connected to 135.125.128.108. Escape character is '^]' Malicious domains observed at this… Read more: Malware botnet controller @135.125.128.108
Category: ovh.net
Credit card fraud gang hosting: hacked-paypal-accounts-dump.ru (zuganov-lox.ru / fe-shop.su / vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)
Stolen credit card data websites: buying-cc-on-dark-web.ru. 14400 IN A 139.99.247.45 credit-card-database-dump.ru. 14400 IN A 139.99.247.45 _____________________________ Was: 91.201.55.248 buying-cc-on-dark-web.ru 2022-01-29 09:56:24 91.201.55.248 credit-card-database-dump.ru 2022-01-29 09:56:09 91.201.55.248 dark-web-cvv-shop.ru 2022-01-29 09:56:23 91.201.55.248 dump-furniture-store-near-me.ru 2022-01-29 09:56:25 91.201.55.248 hacked-paypal-accounts-dump.ru 2022-01-29 11:46:42 _____________________________ Was: 45.85.117.124 altenen-free-credit-card.ru 2022-01-28 05:46:26 45.85.117.124 atm-dumps.ru 2022-01-28 07:47:11 45.85.117.124 best-bins-for-cc.ru 2022-01-28 07:47:29 45.85.117.124 best-cc-dump-sites.ru 2022-01-28 07:46:45… Read more: Credit card fraud gang hosting: hacked-paypal-accounts-dump.ru (zuganov-lox.ru / fe-shop.su / vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)
Carding fraud site/forum DNS: domen-domik.ru (best-dumps.su / yalelodge-shop.com / sky-fraud.su etc.)
Hosting dozens of sites with stolen credit card data. Stolen credit card data website example: https://best-dumps.su/ ;; QUESTION SECTION: ;best-dumps.su. IN NS ;; ANSWER SECTION: best-dumps.su. 14399 IN NS ns2.domen-domik.ru. best-dumps.su. 14399 IN NS ns1.domen-domik.ru. ns1.domen-domik.ru. 7139 IN A 145.239.124.225 ns2.domen-domik.ru. 7135 IN A 5.188.89.74 _________________ ns1.domen-domik.ru. 7139 IN A 45.156.119.7 ns2.domen-domik.ru. 7135 IN A… Read more: Carding fraud site/forum DNS: domen-domik.ru (best-dumps.su / yalelodge-shop.com / sky-fraud.su etc.)
Spam Hosting/Web (panelb.openacessaustinjunls.info) (Austin Publishing) (OMICS)
This IP address hosts the A and MX records of the domain openacessaustinjunls.info. This domain handles web-based unsubscriptions for spam sent by Austin Publishing, aka OMICS. OMICS is a publisher of "open-access" journals that solicits contributions and (by implication) subscriptions through spam sent to scraped, purchased or appended email addresses. OMICS sends a great deal… Read more: Spam Hosting/Web (panelb.openacessaustinjunls.info) (Austin Publishing) (OMICS)
spam emitter @51.38.177.177
Received: from wavylines.xyz (wavylines.xyz. [51.38.177.177]) Subject: Details Apply Date: [DATE] From: "[]" <[]@wavylines.xyz> https://s3-us-west-2.amazonaws.com/ex2ak34tq/[] 52.218.204.24 http://typographyfirst.click//cl/4105_md/[] 193.36.237.179 https://zakatsnose.com/[] 193.68.89.144 https://acusticstoves.com/?s1=350310&s2=[]&s3=2576&s4=1553&ow=&s10=657 172.67.158.25 https://yettmarina.com/[] 104.21.11.116 https://chubberz.com/click?s2=[]&s1=350310&s3=2576&trvid=10386&s4=1553&ow=8 209.236.112.79 https://www.lz5bmtrk.com/4RQSJ/6JHXF/?sub2=[] 34.120.145.181 https://www.techratedgadgets.com/monthlydeal/PT1/?affid=3&c1=&c2=[]&c3=&click_id=[] 172.67.195.122
Spam Emitter (ckt157.top) (@Mail250)
This IP address is sending spam for @Mail250, a bulk email sender that sends for customers. @Mail250 claims that it is an ESP, but the quantity of spam that it sends and the heavily anonymized domains and scattered IP addresses suggest that its primary purpose is to evade blocklists for customers who would otherwise be… Read more: Spam Emitter (ckt157.top) (@Mail250)
spam source - forcemindbiz.com
Spam source. mail.forcemindbiz.com. 3600 IN A 141.95.17.184 ================================================================================== Return-Path: <emilio.caruso@forcemindbiz.com> Received: from mail.forcemindbiz.com (mail.forcemindbiz.com [141.95.17.184]) by x (Postfix) with ESMTPS id x for <x>; Tue, 22 Feb 2022 xx:xx:xx +0100 (CET) Received: by mail.forcemindbiz.com (Postfix, from userid 1002) id x; Tue, 22 Feb 2022 xx:xx:xx +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=forcemindbiz.com; s=mail; t=x; bh=x=;… Read more: spam source - forcemindbiz.com
FastFlux hosting provider that uses hacked servers to host malware, phish, etc. (DNS server)
https://bulletproof-hosting.com >>> https://bulletproof.su/? >>> https://t.me/ffservice? ns1.nospamdns.ru. 7162 IN A 51.77.158.21 ns2.nospamdns.ru. 7159 IN A 195.14.189.85 ________________ ns1.nospamdns.ru. 7162 IN A 147.78.64.176 ns2.nospamdns.ru. 7159 IN A 5.188.89.72 ________________ ns1.nospamdns.ru. 7162 IN A 147.78.64.176 ns2.nospamdns.ru. 7159 IN A 213.189.219.126 ________________ ns1.nospamdns.ru. 7162 IN A 2.57.187.44 ns2.nospamdns.ru. 7159 IN A 213.59.127.149 ________________ ns1.nospamdns.ru. 7162 IN A 2.57.186.199 ns2.nospamdns.ru.… Read more: FastFlux hosting provider that uses hacked servers to host malware, phish, etc. (DNS server)
Malware botnet controller @135.125.241.37
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 135.125.241.37 on port 443: $ telnet 135.125.241.37 443 Trying 135.125.241.37... Connected to 135.125.241.37. Escape character is '^]' ads-memory.biz. 60 IN A 135.125.241.37… Read more: Malware botnet controller @135.125.241.37
spam source
A poorly configured MSA or other SMTP sender (possibly insecure) has sent spam from this IP address for a year. No SMTP response from the IP address: $ telnet 167.114.117.203 25 Trying 167.114.117.203... telnet: connect to address 167.114.117.203: Connection timed out $ host 167.114.117.203 203.117.114.167.in-addr.arpa domain name pointer ns511807.ip-167-114-117.net.