DCRat botnet controller @51.91.193.177

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

DCRat botnet controller located at 51.91.193.177 on port 80 (using HTTP GET):
hXXp://51.91.193.177/uploads/requestApidblinuxCdn.php

$ nslookup 51.91.193.177
2-i7-6700k-w-2-hosted-by.hshp.ovh

Referencing malware binaries (MD5 hash):
58cfa3457f3b836c80deee4ca88e49c0 - AV detection: 39…

Filed under: ovh.net

Malware distribution @147.135.126.103

The host at this IP address is currently being used to distribute malware.

Malware distribution located here:
hXXp://g.nxxxn.ga:443/sqlagentihc.exe

g.nxxxn.ga. 3600 IN A 147.135.126.103


Phish spam site @192.99.34.40

Received: from fujimaru.org ([157.65.164.67]) by [] with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.95) (envelope-from <admin@fujimaru.org>) id [] for []; Tue, 11 Jan 2022 23:0x:xx +0000
Received: from unknown (HELO www.outlook.com) (admin@fujimaru.org@45.76.48.56) by dc63.etius.jp (157.65.164.67) with ESMTPA; 12 Jan 2022 08:0x:xx +0900
Reply-To: hello.equipe@hotmail.com
From: "CanadaPost*" <admin@fujimaru.org>
Subject: Delivery Notification for Item / Avis de livraison…


Spam Emitter (Dolphin’s Group)

Dolphin’s Group, a Kenya-based provider of business training, is spamming from this IP address. This company has many previous SBL listings.

Received: from vps-e374eaac.vps.ovh.ca (vps-e374eaac.vps.ovh.ca [139.99.90.202])
Date: Mon, 10 Jan 2022 14:##:## +0300
From: "Bernice Kanini" <bernice.kanini@excellent-trainings.co.ke>
Subject: JAN 2022 MOMBASA and NAIROBI Excellent Trainings for You…..

<snip>

Greetings, Happy New Year! Select below; your…


Cybercriminal carding gang at cvv-net.su, cvv-ru.su etc.

Stolen credit card data websites: …


Mirai botnet controller @51.89.210.140

Mirai botnet controller hosted here:

$ telnet 51.89.210.140 25565
Trying 51.89.210.140...
Connected to 51.89.210.140.
Escape character is '^]'.


Mirai botnet controller @51.75.166.195

Mirai botnet controller hosted here:

$ telnet 51.75.166.195 23
Trying 51.75.166.195...
Connected to 51.75.166.195.
Escape character is '^]'.


phish source at solarwind.eu.com / espace2001.com

Compromised server emitting phish spam starting Wed, 05 Jan 2022 03:00 UTC. Envelope sender forged to be the recipient address.

solarwind.eu.com. 38400 IN A 91.121.238.33
ns303b.espace2001.com. 38400 IN A 91.121.238.33

inetnum: 91.121.238.32 - 91.121.238.47
netname: espace2001-3
country: FR
descr: espace2001-3
org: ORG-EA521-RIPE
admin-c: OTC2-RIPE
tech-c: OTC2-RIPE

=================================================================
Received: from ns303b.espace2001.com (HELO ns303b.espace2001.com) (91.121.238.33) by x…


tracking.supercool.email (Canonical: tracking.mailzapp.io)

Bulk emailer mailzapp.io is operating a tracking host for bulk emails that they send on several IP addresses at OVH. Their customer supercool.email is sending spam to a list scraped from Whois records and other sources, possibly purchased from a third party. Spamhaus has seen occasional spamtrap hits from mailzapp.io, but so far this is…


Malware distribution @46.105.81.76

The host at this IP address is currently being used to distribute malware.

Malware distribution located here:
hXXp://46.105.81.76/44561.4718606481.dat2

$ nslookup 46.105.81.76
ip76.ip-46-105-81.eu
