spam source

135.148.149.159 vps-cb7b666f.vps.ovh.us "8lj4v2b.com"
2021-12-27T18:00:00Z (+/-10 min)
135.148.149.159/32 (135.148.149.159 .. 135.148.149.159)
== Sample ==========================
From: "Chuachan" <hhfoyou43@gmail.com>
Subject: my future investment proposed in your country
To: .*
Content-Type: text/plain; charset=us-ascii
Reply-To: "Chuachan" <hhfoyou43@gmail.com>, hhfoyou43@gmail.com
Date: .*
X-Priority: 3

Hi, I just got your contact today during a research about your country and I will say that…

Published
Filed under ovh.net

GCleaner botnet controller @51.38.95.22

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. GCleaner botnet controller located at 51.38.95.22 on port 80 (using HTTP GET): hXXp://favartif.top/getFile.php Referencing malware binaries (MD5 hash): a12b8d3cd6f1fee82d85eb2b6ecc4d72 — AV detection: 39 / 68 (57.35) a361d0ab7facb9cb9d4f4508c45e7514…


Gafgyt botnet controller @54.37.79.0

Gafgyt botnet controller hosted here:
$ telnet 54.37.79.0 666
Trying 54.37.79.0...
Connected to 54.37.79.0.
Escape character is '^]'.


RedLineStealer botnet controller @147.135.248.206

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 147.135.248.206 on port 22603 TCP:
$ telnet 147.135.248.206 22603
Trying 147.135.248.206...
Connected to 147.135.248.206.
Escape character…


Abused crypto currency mining pool

The host at this IP address is running a cryptocurrency mining pool that is currently being abused by cybercriminals for mining cryptocurrencies on malware-infected computers. The following information should be sufficient for the identification and suspension of the abusive users:
{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"87rRyMkZM4pNgAZPi5NX3DdxksaoNgd7bZUBVe3A9uemAhxc8EQJ6dAPZg2mYTwoezgJWNfTpFFmnVYWXqcNDMhLF7ihFgM.wn29601","pass":"x","agent":"XMRig/6.13.1 (Windows NT 10.0; Win64; x64) libuv/1.41.0 msvc/2019","algo":["cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/ccx","cn/upx2","rx/0","rx/wow","rx/arq","rx/sfx","rx/keva","argon2/chukwa","argon2/chukwav2","argon2/ninja","astrobwt"]}}


Spam Web Hosting (OMICS)

12/22/2021: This range is still in use as shown below, so making the SBL listing live.
12/16/2021: Several IP addresses within this /28 host OMICS (Remedy) URIs in spam message headers and message bodies. OVH terminated services to OMICS recently, and the owner of this range appears to be suggesting that they have done so…


irs phishing server

hXXps://irs.gov-tax-refund-submission.com/?verify irs.gov-tax-refund-submission.com has address 147.135.36.42


Spam Emitter (wst423.top — @Mail250) (emailimperdibili.info — sex dating spam customer)

This IP address is emitting high volumes of sex dating site spam. In the footer of this email, the sex dating service acknowledges that it uses affiliates to drive traffic. The email addresses that received this spam allegedly signed up on an "affiliate" website, but none of the spamtraps that received this email requested this…


Malware botnet controller @51.38.94.87

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller at 51.38.94.87 on port 443.
$ telnet 51.38.94.87 443
Trying 51.38.94.87...
Connected to 51.38.94.87.
Escape character is '^]'
Malicious domains observed at this IP…


AsyncRAT botnet controller @135.125.27.236

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 135.125.27.236 on port 22 TCP:
$ telnet 135.125.27.236 22
Trying 135.125.27.236...
Connected to 135.125.27.236.
Escape character…
