Spammer hosting located here: http://tracking.hostingseekers.net/tracking/click

$ dig +short tracking.hostingseekers.net
api.elasticemail.com.
188.165.1.80
54.38.226.140
94.23.161.19
46.105.88.234
164.132.95.123

Spam sample
===============================
Received: from nd1.mxout.mta3.net (nd1.mxout.mta3.net [51.178.153.1])
(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by X (Postfix) with ESMTPS id X
for <X>; Fri, 3 Dec 2021X
DKIM-Signature: X
DKIM-Signature: X
From: HostingSeekers…
Read more: Spammer hosting @188.165.1.80
AsyncRAT botnet controller @13.66.153.98
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 13.66.153.98 on port 1604 TCP:

$ telnet 13.66.153.98 1604
Trying 13.66.153.98…
Connected to 13.66.153.98.
Escape character…
Read more: AsyncRAT botnet controller @13.66.153.98
DCRat botnet controller @92.63.107.136
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

DCRat botnet controller located at 92.63.107.136 on port 80 (using HTTP GET):

hXXp://92.63.107.136/Cpu/binmessageframe/supportscriptrule/pluginhtopgenerator/limitmobiledemoCpu/datademoPref/logruleprodmobile/CamMath/antiDjango/WarPythonpluginPref/mobile/systemAutomessagerule/cuttrace/Pythonprodprodrecord/BigloadBase.php

$ nslookup 92.63.107.136
pupokvasa79.fvds.ru

Referencing malware binaries (MD5 hash):
96e94ea39fb8c0b3c6cd1a2d8455e0c3 — AV detection: 14…
Read more: DCRat botnet controller @92.63.107.136
RedLineStealer botnet controller @79.174.13.108
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 79.174.13.108 on port 19006 TCP:

$ telnet 79.174.13.108 19006
Trying 79.174.13.108…
Connected to 79.174.13.108.
Escape character…
Read more: RedLineStealer botnet controller @79.174.13.108
Spam emitters
Received: from s6.megojom.ru (megojom.ru [94.26.251.138])
Date: Fri, 3 Dec 2021 06:1x:xx +0000
From: Aleksandr <info@s6.megojom.ru>
Subject: Предложение

94.26.251.138 megojom.ru
94.26.251.139 tefalongo.ru
94.26.251.140 eseneno.ru
94.26.251.141 grehemon.ru
94.26.251.142 derwerer.ru
Spamvertised website
2021-12-03
https://llce.top/index.php/campaigns/[] 45.45.216.214
https://track.helloproducts4you.com/3[] 18.196.84.70
https://thecontestwinners.com/nep81/22/ 162.0.217.80

Received: from llce.top (45.45.216.214)
Date: Thu, 02 Dec 2021 09:0x:xx +0000
Subject: Skann datamaskinen med Norton Secured
From: Norton AntiVirus <mail@luckyjackpot4you.com>

https://llce.top/index.php/campaigns/[] 45.45.216.214
https://track.helloproducts4you.com/3[] 18.196.84.70
https://contestwinpros.com/nep80/22/ 162.0.217.38
EFlyerMarketing (via Elastic Email)
A number of IP addresses, all at Elastic Email, are sending spam for a long-running real estate marketing spam operation. The spam consists of «flyers» advertising properties for sale. They are sent to scraped, purchased and appended lists. Many of the email addresses have not been in use for over a decade, rejected email for several…
Read more: EFlyerMarketing (via Elastic Email)
Hosting phishing domains
Read more: Hosting phishing domains
ArkeiStealer botnet controller @194.87.80.153
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

ArkeiStealer botnet controller located at 194.87.80.153 on port 80 (using HTTP GET):

hXXp://guseyn.space/ggate.php

$ dig +short guseyn.space
194.87.80.153

Referencing malware binaries (MD5 hash):
3709698dfdf7fa9c2f4a7b41ecad5e13 — AV detection:…
Read more: ArkeiStealer botnet controller @194.87.80.153