phishing server

157.55.252.106|errors-wellsfargo.com|2022-01-14 05:56:13

Published
Categorized as microsoft.com

Spam Emitter (OMICS)

This IP address hosts the A and MX records for the domain clinofsur.us. This domain belongs to OMICS, a publisher of "open-access" journals for scientific, engineering, and medical researchers and educators, which is spamming from this IP address to advertise its journals. It appears in spam sent by OMICS as a dropbox, to receive responses.
Received:…

Published
Categorized as google.com

Spam Emitter (OMICS)

OMICS, a publisher of "open-access" journals for scientific, engineering, and medical researchers and educators, is spamming from this IP address to advertise its journals.
Received: from mail0.cliniofsurge.com (mail0.cliniofsurge.com [137.184.35.50])
Date: Tue, 11 Jan 2022 14:##:## +0000
From: Clinics of Surgery (ISSN 2638-1451) <editor@cliniofsurge.com>
Reply-To: Clinics of Surgery (ISSN 2638-1451) <submission@clinofsurg.com>
Subject: Honorable Invitation To Submit…

Malware distribution & botnet controller @31.13.213.36

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware distribution located here: hXXp://okagks05.top/downfiles/file.exe
Malware botnet controller located at 31.13.213.36 on port 443:
$ telnet 194.87.185.143 443
Trying 194.87.185.143…
Connected…

Published
Categorized as selectel.ru

TVRat botnet controller @104.21.62.22

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
TVRat botnet controller located at 104.21.62.22 on port 80 (using HTTP GET): hXXp://pshzbnb.com/update.php
$ dig +short pshzbnb.com
104.21.62.22
Referencing malware binaries (MD5 hash): 6bc6b19a38122b926c4e3a5872283c56 — AV detection:…

advance fee fraud spam source at rusloterei.ru

Mail server distributing advance fee fraud (‘419’) spam thanks to a compromised password.
rusloterei.ru. 3600 IN A 151.248.120.89
===================================================================================
Return-Path: <info@rusloterei.ru>
Received: from rusloterei.ru (HELO rusloterei.ru) (151.248.120.89) by x (x) with (AES256-SHA encrypted) ESMTPS; Thu, 13 Jan 2022 xx:xx:xx +0000
Received: from 42-233-24-185.static.servebyte.com ([185.24.233.42] helo=User) by rusloterei.ru with esmtpa (Exim 4.63) (envelope-from <info@rusloterei.ru>) id x;…

Published
Categorized as reg.ru

OskiStealer botnet controller @172.67.136.167

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
OskiStealer botnet controller located at 172.67.136.167 on port 80 (using HTTP POST): hXXp://modexdeals.ir/6.jpg
$ dig +short modexdeals.ir
172.67.136.167
Referencing malware binaries (MD5 hash): 44ac6fc2f8d02857f9d7a7bfde1e2376 — AV detection:…

RedLineStealer botnet controller @116.203.47.117

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 116.203.47.117 on port 3523 TCP:
$ telnet 116.203.47.117 3523
Trying 116.203.47.117…
Connected to 116.203.47.117.
Escape character…

Published
Categorized as hetzner.de

Spamvertised website

Received: from 23.236.207.89 (EHLO baumzf.shared.fl00r1ngreplacementqu0te.design)
X-Originating-Ip: [185.194.84.31]
From: Eterna light <nieuwsbrief@e.debexybijenkorf.nl>
Subject: keep your lights on during a blackout
Date: Wed, 12 Jan 2022 08:3x:xx +0000

http://lightspeedage.com/[]
195.154.54.145
http://163.172.192.31/tr.php?[]
163.172.192.31
http://instrumentfresh.com/[]
104.227.171.149
https://www.l4n2fytrk.com/[]/?uid=364&sub1=200612&sub2=[]&sub3=[]
35.244.245.136
https://eternalight.originaldefense.com/blog/c?affID=304&C1=200612&C2=[]&C3=[]&C4=&C5=&click_id=[]
172.67.160.67

Published
Categorized as iliad.fr