The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 172.105.107.25 on port 443 TCP:
$ telnet 172.105.107.25 443
Trying 172.105.107.25…
Connected to 172.105.107.25.
Escape character…
TrickBot botnet controller @192.46.229.48
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 192.46.229.48 on port 443 TCP:
$ telnet 192.46.229.48 443
Trying 192.46.229.48…
Connected to 192.46.229.48.
Escape character…
Spam source @209.85.222.49
Spam sample
==============================
Received: from mail-ua1-f49.google.com (mail-ua1-f49.google.com [209.85.222.49]) by X (Postfix) with ESMTPS id X for <X>; Sat, 20 Nov 2021 X
Received: by mail-ua1-f49.google.com with SMTP id X for <X>; Sat, 20 Nov 2021 X
DKIM-Signature: X
X-Google-DKIM-Signature: X
X-Gm-Message-State: X
X-Google-Smtp-Source: X
X-Received: by 2002:a9f:3e01:: with SMTP id X; Sat, 20 Nov 2021…
Spammer hosting @104.21.63.238
Spammer hosting located here:
https://trk.klclick3.com/ls/click?upn=X
-> https://nostalgicgig.com/0/0/0/X
—> https://greenfeelingz.com/de-shark-1/index_2.php?id=X&s1=X&s2=X&s3=X
—> https://greenfeelingz.com/de-shark-1/?X
—-> https://bibcart.com/click?trvid=X&s2=X&s1=X&s3=X
——> https://vkgtrack.com/?a=X&oc=X&c=X&s2=X
——> https://shop5.ultramaxtestoenhancer.com/#/de/main/?campaign=X&subid1=X&subid2=&subid3=X&subid4=&temp=X
$ dig +short greenfeelingz.com
104.21.63.238
172.67.173.27
Spam sample
==============================
Received: from mail-ua1-f49.google.com (mail-ua1-f49.google.com [209.85.222.49]) by X (Postfix) with ESMTPS id X for <X>; Sat, 20 Nov 2021 X
Received: by mail-ua1-f49.google.com with SMTP id X for <X>; Sat,…
Spammer hosting @172.67.173.27
Spammer hosting located here:
https://trk.klclick3.com/ls/click?upn=X
-> https://nostalgicgig.com/0/0/0/X
—> https://greenfeelingz.com/de-shark-1/index_2.php?id=X&s1=X&s2=X&s3=X
—> https://greenfeelingz.com/de-shark-1/?X
—-> https://bibcart.com/click?trvid=X&s2=X&s1=X&s3=X
——> https://vkgtrack.com/?a=X&oc=X&c=X&s2=X
——> https://shop5.ultramaxtestoenhancer.com/#/de/main/?campaign=X&subid1=X&subid2=&subid3=X&subid4=&temp=X
$ dig +short greenfeelingz.com
104.21.63.238
172.67.173.27
Spam sample
==============================
Received: from mail-ua1-f49.google.com (mail-ua1-f49.google.com [209.85.222.49]) by X (Postfix) with ESMTPS id X for <X>; Sat, 20 Nov 2021 X
Received: by mail-ua1-f49.google.com with SMTP id X for <X>; Sat,…
Spammer hosting @104.26.6.82
Spammer hosting located here:
https://trk.klclick3.com/ls/click?upn=X
-> https://nostalgicgig.com/0/0/0/X
—> https://greenfeelingz.com/de-shark-1/index_2.php?id=X&s1=X&s2=X&s3=X
—> https://greenfeelingz.com/de-shark-1/?X
—-> https://bibcart.com/click?trvid=X&s2=X&s1=X&s3=X
——> https://vkgtrack.com/?a=X&oc=X&c=X&s2=X
——> https://shop5.ultramaxtestoenhancer.com/#/de/main/?campaign=X&subid1=X&subid2=&subid3=X&subid4=&temp=X
$ dig +short shop5.ultramaxtestoenhancer.com
104.26.6.82
172.67.68.4
104.26.7.82
Spam sample
==============================
Received: from mail-ua1-f49.google.com (mail-ua1-f49.google.com [209.85.222.49]) by X (Postfix) with ESMTPS id X for <X>; Sat, 20 Nov 2021 X
Received: by mail-ua1-f49.google.com with SMTP id X for <X>;…
Spammer hosting @172.67.68.4
Spammer hosting located here:
https://trk.klclick3.com/ls/click?upn=X
-> https://nostalgicgig.com/0/0/0/X
—> https://greenfeelingz.com/de-shark-1/index_2.php?id=X&s1=X&s2=X&s3=X
—> https://greenfeelingz.com/de-shark-1/?X
—-> https://bibcart.com/click?trvid=X&s2=X&s1=X&s3=X
——> https://vkgtrack.com/?a=X&oc=X&c=X&s2=X
——> https://shop5.ultramaxtestoenhancer.com/#/de/main/?campaign=X&subid1=X&subid2=&subid3=X&subid4=&temp=X
$ dig +short shop5.ultramaxtestoenhancer.com
104.26.6.82
172.67.68.4
104.26.7.82
Spam sample
==============================
Received: from mail-ua1-f49.google.com (mail-ua1-f49.google.com [209.85.222.49]) by X (Postfix) with ESMTPS id X for <X>; Sat, 20 Nov 2021 X
Received: by mail-ua1-f49.google.com with SMTP id X for <X>;…
Spammer hosting @104.26.7.82
Spammer hosting located here:
https://trk.klclick3.com/ls/click?upn=X
-> https://nostalgicgig.com/0/0/0/X
—> https://greenfeelingz.com/de-shark-1/index_2.php?id=X&s1=X&s2=X&s3=X
—> https://greenfeelingz.com/de-shark-1/?X
—-> https://bibcart.com/click?trvid=X&s2=X&s1=X&s3=X
——> https://vkgtrack.com/?a=X&oc=X&c=X&s2=X
——> https://shop5.ultramaxtestoenhancer.com/#/de/main/?campaign=X&subid1=X&subid2=&subid3=X&subid4=&temp=X
$ dig +short shop5.ultramaxtestoenhancer.com
104.26.6.82
172.67.68.4
104.26.7.82
Spam sample
==============================
Received: from mail-ua1-f49.google.com (mail-ua1-f49.google.com [209.85.222.49]) by X (Postfix) with ESMTPS id X for <X>; Sat, 20 Nov 2021 X
Received: by mail-ua1-f49.google.com with SMTP id X for <X>;…
Spammer hosting @13.224.195.45
Massive and repeated spammer hosting going on for several months. Example:
https://trk.klclick3.com/ls/click?upn=X
-> https://nostalgicgig.com/0/0/0/X
—> https://greenfeelingz.com/de-shark-1/index_2.php?id=X&s1=X&s2=X&s3=X
—> https://greenfeelingz.com/de-shark-1/?X
—-> https://bibcart.com/click?trvid=X&s2=X&s1=X&s3=X
——> https://vkgtrack.com/?a=X&oc=X&c=X&s2=X
——> https://shop5.ultramaxtestoenhancer.com/#/de/main/?campaign=X&subid1=X&subid2=&subid3=X&subid4=&temp=X
$ dig +short trk.klclick3.com
13.224.195.45
13.224.195.118
13.224.195.61
13.224.195.52
Spam sample
==============================
Received: from mail-ua1-f49.google.com (mail-ua1-f49.google.com [209.85.222.49]) by X (Postfix) with ESMTPS id X for <X>; Sat, 20 Nov 2021 X
Received:…
Spammer hosting @13.224.195.118
Massive and repeated spammer hosting going on for several months. Example:
https://trk.klclick3.com/ls/click?upn=X
-> https://nostalgicgig.com/0/0/0/X
—> https://greenfeelingz.com/de-shark-1/index_2.php?id=X&s1=X&s2=X&s3=X
—> https://greenfeelingz.com/de-shark-1/?X
—-> https://bibcart.com/click?trvid=X&s2=X&s1=X&s3=X
——> https://vkgtrack.com/?a=X&oc=X&c=X&s2=X
——> https://shop5.ultramaxtestoenhancer.com/#/de/main/?campaign=X&subid1=X&subid2=&subid3=X&subid4=&temp=X
$ dig +short trk.klclick3.com
13.224.195.45
13.224.195.118
13.224.195.61
13.224.195.52
Spam sample
==============================
Received: from mail-ua1-f49.google.com (mail-ua1-f49.google.com [209.85.222.49]) by X (Postfix) with ESMTPS id X for <X>; Sat, 20 Nov 2021 X
Received:…