RedLineStealer botnet controller @51.89.12.180

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 51.89.12.180 on port 47008 TCP: $ telnet 51.89.12.180 47008 Trying 51.89.12.180… Connected to 51.89.12.180. Escape character…

Filed under: ovh.net

Survey spammer (Kantar.fi)

2/03/2022: Kantar.fi has moved to new ESPs, Amazon SES and Elasticmail, but continues to spam in the same volumes and at least some of the same email addresses that it did when it was listed with its previous sender. The previous SBL listing is included beneath this listing, for Elasticmail’s reference. Both spams are survey…


Spam Emitter (Dolphins Group)

This IP address is sending spam for Dolphins Group, a Kenya-based provider of business training seminars/webinars that advertises its services through spam. Received: from ip222.ip-139-99-54.net (ip222.ip-139-99-54.net [139.99.54.222]) Date: Thu, 3 Feb 2022 17:##:## +0300 From: "Angela Muli" <angela.muli@upcoming-skills-trainings.com> Reply-To: <bernice@dolphinsgroupafrica.com> Subject: Feb 2022 MOMBASA and NAIROBI Trainings <x> <snip> Contact: beatrice.kairu@dolphinsgroupafrica.com or vanessa.mugwanja@dolphinsgroupafrica.com Mobile +…


Spam A/MX Server (dolphinsgroupafrica.com) (Dolphins Group)

This IP address hosts dolphinsgroupafrica.com, which belongs to Dolphins Group. The domain appears in spam in various roles, including as the domain of dropbox email addresses so that spam recipients can contact the spammers. It therefore serves a vital role in the spam operation. Dolphins Group is a Kenya-based provider of business training seminars/webinars that…


Suspected Snowshoe Spam IP Range

Based on research, analysis of network data, our ‘snowshoe’ spam detection systems, intelligence sources and our experience, Spamhaus believes that this IP address range is being used or is about to be used for the purpose of high volume ‘snowshoe’ spam emission. As a precaution therefore we are listing this IP range in an SBL…


Spam Hosting (dolphins-group-dolphins-training.business.site) (Dolphins Group)

Google hosts dolphins-group-dolphins-training.business.site, which is assigned to Dolphins Group. This hostname appears in recent spam sent to advertise the services of Dolphins Group, an active and long-time spammer tracked by the Spamhaus Project. Dolphins Group has a number of previous and current SBL listings. Because this site is used to provide a means of spam…


Mirai botnet controller @198.50.242.157

Mirai botnet controller hosted here: $ telnet 198.50.242.157 666 Trying 198.50.242.157… Connected to 198.50.242.157. Escape character is '^]'.


Malware hosting (escalation)

Malware hosting with no response to notifications: SBL540633 147.135.126.103 2022-01-16 [Spamhaus] FINAL REMINDER: Malware distribution at 147.135.126.103 (SBL540633) SBL540633 147.135.126.103 2022-01-13 [Spamhaus] REMINDER: Malware distribution at 147.135.126.103 (SBL540633) SBL540633 147.135.126.103 2022-01-12 SBL Notify: IP: 147.135.126.103 added to Spamhaus Block List (SBL) NetRange: 147.135.126.100 - 147.135.126.103 CIDR: 147.135.126.100/30 NetName: OVH-CUST-10640361 NetHandle: NET-147-135-126-100-1 Parent: OUL-16 (NET-147-135-0-0-1) NetType:…


Malware botnet controllers @51.254.57.46

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 51.254.57.46 on port 443: $ telnet 51.254.57.46 443 Trying 51.254.57.46… Connected to 51.254.57.46. Escape character is…


phishing server

Longterm phishing server
