domain used in spam operation opsdfghoi.com… 35.168.144.121
Suspected Snowshoe Spam IP Range
Based on research, analysis of network data, our ‘snowshoe’ spam detection systems, intelligence sources and our experience, Spamhaus believes that this IP address range is being used or is about to be used for the purpose of high volume ‘snowshoe’ spam emission. As a precaution therefore we are listing this IP range in an SBL… Читать далее Suspected Snowshoe Spam IP Range
Suspected Snowshoe Spam IP Range
Based on research, analysis of network data, our ‘snowshoe’ spam detection systems, intelligence sources and our experience, Spamhaus believes that this IP address range is being used or is about to be used for the purpose of high volume ‘snowshoe’ spam emission. As a precaution therefore we are listing this IP range in an SBL… Читать далее Suspected Snowshoe Spam IP Range
Malware botnet controllers @45.8.124.219
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 45.8.124.219 on port 443: $ telnet 45.8.124.219 443 Trying 45.8.124.219… Connected to 45.8.124.219. Escape character is… Читать далее Malware botnet controllers @45.8.124.219
spam emitter @143.198.129.222
Received: from mail.tikesstar.live (143.198.129.222) From: «BTC Kontosaldo» <contact@tikesstar.live> Subject: [], saldoen din er klar for utbetaling i dag Date: Mon, 15 Nov 2021 06:5x:xx -0800 https://withdrawalupdating.page.link/moke 142.251.36.46 https://mightytrackz.com/[] 18.195.174.160 https://easytraderhub.com/withdrawalpage/dk?cep=[]&lptoken=[] 95.217.232.235 https://mightytrackz.com/click 18.195.174.160 https://lfgtrk.com/?a=11188&c=123868&s1=[]&s2=[] 54.237.62.140 https://wagyutrk.com/?a=11188&c=123868&s1=[]&s2=[]&ckmguid=[] 52.45.176.128 https://trkdigital.com/o/0w-fTj?s1=11188&s2=[]&s3=[] 172.67.221.18 https://cryptosuperstar.de/de?affiliate_user=381&click_id=[]&custom_1=11188&custom_2=[]&s1=11188&s2=[]&data= 172.67.170.11
affiliate spam @mightytrackz.com
Received: from mail.tikesstar.live (143.198.129.222) From: «BTC Kontosaldo» <contact@tikesstar.live> Subject: [], saldoen din er klar for utbetaling i dag Date: Mon, 15 Nov 2021 06:5x:xx -0800 https://withdrawalupdating.page.link/moke 142.251.36.46 https://mightytrackz.com/[] 18.195.174.160 https://easytraderhub.com/withdrawalpage/dk?cep=[]&lptoken=[] 95.217.232.235 https://mightytrackz.com/click 18.195.174.160 https://lfgtrk.com/?a=11188&c=123868&s1=[]&s2=[] 54.237.62.140 https://wagyutrk.com/?a=11188&c=123868&s1=[]&s2=[]&ckmguid=[] 52.45.176.128 https://trkdigital.com/o/0w-fTj?s1=11188&s2=[]&s3=[] 172.67.221.18 https://cryptosuperstar.de/de?affiliate_user=381&click_id=[]&custom_1=11188&custom_2=[]&s1=11188&s2=[]&data= 172.67.170.11
New Emotet malware dropper
hxxp://141.94.176.124/Loader_90563_1.dll See: https://cyber.wtf/2021/11/15/guess-whos-back/
Vjw0rm botnet controller @13.92.159.78
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 13.92.159.78 on port 6430 TCP: $ telnet 13.92.159.78 6430 Trying 13.92.159.78… Connected to 13.92.159.78. Escape character… Читать далее Vjw0rm botnet controller @13.92.159.78
spam emitters
Received: from s17.megojom.ru (megojom.ru [31.172.135.30]) Date: Mon, 15 Nov 2021 14:0x:xx +0000 From: Aleksandr <info@s17.megojom.ru> Subject: Предложение 31.172.135.26 eseneno.ru 31.172.135.27 derwerer.ru 31.172.135.28 yeremont.ru 31.172.135.29 uwentos.ru 31.172.135.30 megojom.ru
spam source and site — sobilan.icu
54.39.39.140 eei.soauto.icu 54.39.39.141 eei.soax.icu 54.39.39.142 eei.sobilan.icu sobilan.icu. 3600 IN NS ns1.sobilan.icu. sobilan.icu. 3600 IN NS ns2.sobilan.icu. ns1.sobilan.icu. 3600 IN A 54.39.39.142 ns2.sobilan.icu. 3600 IN A 54.39.39.140 ======================================================================= Return-Path: <x@eei.sobilan.icu> Received: from eei.sobilan.icu (eei.sobilan.icu [54.39.39.142]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by x (Postfix) with ESMTPS id x for <x>; Sat,… Читать далее spam source and site — sobilan.icu