The host at this IP address is being (ab)used to «listbomb» email addresses: From: Trust In News <assinaturas@info.trustinnews.pt> Subject: Últimos dias da Campanha Black Friday! Aproveite descontos até 67% nas melhores revistas Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being… Читать далее Abused / misconfigured newsletter service (listbombing)
RedLineStealer botnet controller @95.181.152.177
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 95.181.152.177 on port 21142 TCP: $ telnet 95.181.152.177 21142 Trying 95.181.152.177… Connected to 95.181.152.177. Escape character… Читать далее RedLineStealer botnet controller @95.181.152.177
Spamvertised bitcoin scam.
Was SBL537336 91.202.5.69 Was SBL537239 31.42.177.99 bitforte.net has address 164.90.195.160 www.bitforte.net has address 164.90.195.160 www.fortcoin.net has address 164.90.195.160 fortcoin.net has address 164.90.195.160 sbk.foundation has address 31.42.177.99 <— abandoned? 91.202.5.69 bitforte.net 91.202.5.69 www.bitforte.net 91.202.5.69 www.coinrow.net 91.202.5.69 coinrow.net 91.202.5.69 www.fortcoin.net 91.202.5.69 fortcoin.net 91.202.5.69 www.coinforte.net 91.202.5.69 coinforte.net 31.42.177.99 bitforte.net 31.42.177.99 www.bitforte.net 31.42.177.99 www.fortcoin.net 31.42.177.99 fortcoin.net 31.42.177.99 sbk.foundation 31.42.177.99… Читать далее Spamvertised bitcoin scam.
STRRAT botnet controller @54.218.207.65
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 54.218.207.65 on port 1177 TCP: $ telnet 54.218.207.65 1177 Trying 54.218.207.65… Connected to 54.218.207.65. Escape character… Читать далее STRRAT botnet controller @54.218.207.65
Malware botnet controller @129.146.249.128
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 129.146.249.128 on port 64466 TCP: $ telnet 129.146.249.128 64466 Trying 129.146.249.128… Connected to 129.146.249.128. Escape character… Читать далее Malware botnet controller @129.146.249.128
Attack Server
Website Exploit Attack server 1637914606.020 0 139.59.74.137 TCP_DENIED/403 4034 GET http://X.X.X.X/phpMyAdmin-5/index.php? — HIER_NONE/- text/html 1637914606.516 0 139.59.74.137 TCP_DENIED/403 4019 GET http://X.X.X.X/PMA2020/index.php? — HIER_NONE/- text/html 1637914607.010 0 139.59.74.137 TCP_DENIED/403 4022 GET http://X.X.X.X/database/index.php? — HIER_NONE/- text/html 1637914607.508 1 139.59.74.137 TCP_DENIED/403 4033 GET http://X.X.X.X/sql/myadmin/index.php? — HIER_NONE/- text/html 1637914608.000 0 139.59.74.137 TCP_DENIED/403 4030 GET http://X.X.X.X/db/myadmin/index.php? — HIER_NONE/- text/html 1637914608.506… Читать далее Attack Server
spam support (domains)
domain used in likely id theft/phishing surveytoday.co… 159.89.188.73 Subject: $100-in-ExclusiveRewards — ProvideYourOpinionOnApple
spam emitters
Received: from s2.megojom.ru (megojom.ru [95.213.249.189]) Date: Fri, 26 Nov 2021 09:3x:xx +0000 From: Aleksandr <info@s2.megojom.ru> Subject: Предложение 95.213.249.186 tefalongo.ru 95.213.249.187 eseneno.ru 95.213.249.188 derwerer.ru 95.213.249.189 megojom.ru 95.213.249.190 welbryh.ru
RedLineStealer botnet controller @116.202.110.68
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 116.202.110.68 on port 48426 TCP: $ telnet 116.202.110.68 48426 Trying 116.202.110.68… Connected to 116.202.110.68. Escape character… Читать далее RedLineStealer botnet controller @116.202.110.68
spam emitter @147.135.182.202
Received: from mail2-202.pollsreleased300.com (147.135.182.202) Date: Fri, 26 Nov 2021 07:1x:xx +0000 Subject: 🇳🇴 Viktige nyheter for landet. From: dagsavisen.no <info@pollsreleased300.com> Previously spamming from: 5.196.196.179 mail1-179.pollsreleased300.com 2021-11-11 16:5x:xx