Malware botnet controller @149.202.234.238

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 149.202.234.238 on port 443:

$ telnet 149.202.234.238 443
Trying 149.202.234.238...
Connected to 149.202.234.238.
Escape character is '^]'

gcl-page.biz. 60 IN A 46.8.29.140

Published
Filed under ovh.net

Malware distribution @51.254.164.241

The host at this IP address is currently being used to distribute malware.

Malware distribution located here: hXXp://51.254.164.241/44471.1691809028.dat

$ nslookup 51.254.164.241
ip241.ip-51-254-164.eu

Referencing malware binaries (MD5 hash): 48350ac73f83379ad2378b89c5be68bd — AV detection: 3 / 59 (5.08)


Untitled

$ host www.othervalid.com
www.othervalid.com is an alias for othervalid.com.
othervalid.com has address 213.32.106.141
othervalid.com has address 213.32.106.166
othervalid.com has address 213.32.106.139
othervalid.com has address 213.32.106.160
othervalid.com has address 213.32.106.170

Phished credit card data is collected here.

https://jameshallybone.co.uk/small/js/register.php led us to "https://www.othervalid.com/?sl=x-x&data1=Track1&data2=Track2&tag={External_ID_from_traffic_source}&website={subID}&placement={sub_subID}"

% Abuse contact for '213.32.106.128 - 213.32.106.255' is 'infrastructure.lu@olamobile.com'

inetnum: 213.32.106.128 - 213.32.106.255
netname:…


Carding fraud site/forum: vclub.su

Stolen credit card data sites:

vclub.su. 100 IN A 217.182.190.186
vclub.su. 100 IN A 195.2.73.159
vclub.su. 100 IN A 45.143.138.79
vclub.su. 100 IN A 45.150.67.51
vclub.su. 100 IN A 195.2.92.97
vclub.su. 100 IN A 185.144.30.23
vclub.su. 100 IN A 45.138.157.16
vclub.su. 99 IN A 188.225.9.201
vclub.su. 299…


Phishing origination against Nordea Bank (Nordics)

Return-Path: <mail@arab-zone.net>
Received: from srv6.art4muslim.com (srv6.art4muslim.com [37.187.93.54])
    (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (No client certificate requested)
    by x (Postfix) with ESMTPS id x
    for <x>; Thu, 30 Sep 2021 ##:##:## +0300 (EEST)
Authentication-Results: x; dkim=pass reason="2048-bit key" header.d=arab-zone.net header.i=@arab-zone.net header.b=j62G/XYD; dkim-adsp=pass
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=arab-zone.net; s=default;
    h=Content-Type:MIME-Version:Sender:To:Message-Id:
    Subject:Date:From:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:
    Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
    :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
    List-Subscribe:List-Post:List-Owner:List-Archive;…


Suspected Snowshoe Spam IP Range

Based on research, analysis of network data, our ‘snowshoe’ spam detection systems, intelligence sources and our experience, Spamhaus believes that this IP address range is being used or is about to be used for the purpose of high volume ‘snowshoe’ spam emission. As a precaution therefore we are listing this IP range in an SBL…


RedLineStealer botnet controller @51.254.187.177

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 51.254.187.177 on port 3705 TCP:

$ telnet 51.254.187.177 3705
Trying 51.254.187.177...
Connected to 51.254.187.177.
Escape character…


Predatory publisher: Heighten Science Publications Corporation

Spamhaus has observed spam from this range to addresses that had never asked for it. The behaviour has been consistent and gone on for more than a year. We have SBLCSS removal requests on file for IPs in this range going back to April 2020. Many of the domain names had already been automatically listed…


Canadian Pharmacy

91.134.247.133 is currently in use as a nameserver for spamvertized domains. This enables the resolving of spammed domains to the actual websites. This SBL record can only be removed if 91.134.247.133 stops answering DNS queries for spamvertized domain names.

NS345.DNSEVER.COM — ms-shopclub.su — ms-shophouse.su — ms-shopinfo.su — ms-shoplife.su — ms-shoplink.su — ms-shoplive.su — ms-shopzone.su —…


Suspected Snowshoe Spam IP Range — Indian spammer

Based on research, analysis of network data, our ‘snowshoe’ spam detection systems, intelligence sources and our experience, Spamhaus believes that this IP address range is being used or is about to be used for the purpose of high volume ‘snowshoe’ spam emission. As a precaution therefore we are listing this IP range in an SBL…
