Malware / Botnet / Phishing hosting server @78.155.222.138

According to our telemetry and our own intelligence, the host at this IP address has been set up by cyber criminals for the exclusive purpose of hosting phishing sites, malware distribution sites and/or botnet controllers. We therefore advise our users to block any traffic from/to this IP address.

Malware botnet controller located at 78.155.222.138 port 443…

Filed under: selectel.ru

Spam Emitter (OMICS)

This IP address is sending spam for OMICS, a publisher of "open-access" journals that solicits contributions and (by implication) subscriptions by sending spam to scraped, purchased, or appended lists. OMICS has many previous and current SBL listings.

Received: from e1.medopenaccessjrnl.biz (e1.medopenaccessjrnl.biz [164.92.221.151])
Received: from 209.105.239.144 (unknown [209.105.239.144])
Date: Mon, 17 Jan 2022 15:##:## +0530
From:…

Spam Emitter (OMICS)

This IP address is sending spam for OMICS, a publisher of "open-access" journals that solicits contributions and (by implication) subscriptions by spamming scraped, purchased, or appended lists. OMICS has many previous and current SBL listings.

Received: from e2.medjournalarticle.biz (e2.medjournalarticle.biz [104.248.139.216])
Received: from 45.35.13.211 (unknown [45.35.13.211])
Date: Mon, 17 Jan 2022 23:##:## +0530
From: Dentistry Journal…

Phish spam source @35.88.165.52

Received: from vps.mindmill.com (HELO vps.mindmill.com) (103.171.180.236) by mx.spamhaus.org (qpsmtpd/0.80) with (AES256-SHA encrypted) ESMTPS; Mon, 17 Jan 2022 17:54:18 +0000
Received: from mailservers.com (ec2-35-88-165-52.us-west-2.compute.amazonaws.com [35.88.165.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by vps.mindmill.com (Postfix) with ESMTPSA id 67D784BD3E7D for <[]@spamhaus.org>; Mon, 17 Jan 2022 22:59:48 +0530 (IST)
From: Server Notification <support@mailservers.com>…

Filed under: amazon.com

Spamvertised website

Received: from iustocouny.newdom.com (20.77.57.222)
Date: Mon, 17 Jan 2022 12:34:00 +0000
From: 💖💖 Charming Russian Girls 💖💖 <>
Subject: Find Your Russian Girl Who is Your Destiny 😍😍

https://storage.googleapis.com/emsidan/clickk.html#[] 142.250.65.80
http://gotogml.com/track/[] 5.188.160.20
https://www.thenameiva.com/[]/?sub1=10&sub2=[]&sub3=[] 185.95.85.177
https://www.meetrussianlady.com/qa/register03.php?aid=1607&oid=CP282603&qpid_offer_id=[]&qpid_subid=1989&qpid_clickid=[]&source_tag= 54.193.5.120

Filed under: selectel.ru

affiliate spam @meetrussianlady.com

Received: from iustocouny.newdom.com (20.77.57.222)
Date: Mon, 17 Jan 2022 12:34:00 +0000
From: 💖💖 Charming Russian Girls 💖💖 <>
Subject: Find Your Russian Girl Who is Your Destiny 😍😍

https://storage.googleapis.com/emsidan/clickk.html#[] 142.250.65.80
http://gotogml.com/track/[] 5.188.160.20
https://www.thenameiva.com/[]/?sub1=10&sub2=[]&sub3=[] 185.95.85.177
https://www.meetrussianlady.com/qa/register03.php?aid=1607&oid=CP282603&qpid_offer_id=[]&qpid_subid=1989&qpid_clickid=[]&source_tag= 54.193.5.120

Filed under: amazon.com

Carding fraud site/forum: infodig.is (InfoDIG.sx InfoDIG.ch InfoDIG.domains infodig.mn)

Stolen credit card data websites: https://ascarding.com/ >>> https://infodig.is/

infodig.ch. 600 IN A 45.132.18.84
infodig.domains. 600 IN A 45.132.18.84
infodig.sx. 600 IN A 45.132.18.84
________________
Was:
infodig.ch. 600 IN A 91.224.22.37
infodig.domains. 600 IN A 91.224.22.37
infodig.sx. 600 IN A 91.224.22.37
________________
Was:
infodig.ch. 600 IN A 94.142.143.16
infodig.domains. 600 IN A 94.142.143.16
infodig.sx. 600 IN…

Filed under: ruvds.com

Phish spam site @46.4.123.254

Received: from frange.co.jp ([111.89.200.198]) by [] with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.95) (envelope-from <info@frange.co.jp>) id [] for [] Sat, 15 Jan 2022 10:1x:xx +0000
Received: from unknown (HELO www.outlook.com) (info@frange.co.jp@45.32.32.253) by dc52.etius.jp (111.89.200.198) with ESMTPA; 15 Jan 2022 19:1x:xx +0900
Reply-To: hossainfsabbir@gmail.com
From: "CanadaPost" <info@frange.co.jp>
Subject: [Action required] Delivery Notification for Item / Avis…

Filed under: hetzner.de

Loki botnet controller @104.21.37.76

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Loki botnet controller located at 104.21.37.76 on port 80 (using HTTP POST):
hXXp://mainlandtoisland.ml/BN2/fre.php

$ dig +short mainlandtoisland.ml
104.21.37.76

Referencing malware binaries (MD5 hash):
c02cb63889491bf66eb4c4393c484e05 — AV detection:…

Loki botnet controller @172.67.131.97

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Loki botnet controller located at 172.67.131.97 on port 80 (using HTTP POST):
hXXp://augmentinprod.ir/jin/five/fre.php

$ dig +short augmentinprod.ir
172.67.131.97

Referencing malware binaries (MD5 hash):
56e39caae9b7926e6298ae0625bb9385 — AV detection:…