Malware / Botnet / Phishing hosting server @78.24.217.184
According to our telemetry and our own intelligence, the host at this IP address has been set up by cyber criminals for the exclusive purpose of hosting phishing sites, malware distribution sites and/or botnet controllers. We therefore advise our users to block any traffic from/to this IP address. Malware botnet controller located at 78.24.217.184 on port…
OskiStealer botnet controller @104.21.86.112
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. OskiStealer botnet controller located at 104.21.86.112 on port 80 (using HTTP POST): hXXp://stanelectronics.xyz/6.jpg $ dig +short stanelectronics.xyz 104.21.86.112 Referencing malware binaries (MD5 hash): e029f21834d5ceea1006d1658768f4dc — AV detection:…
RaccoonStealer botnet controller @104.21.79.96
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. RaccoonStealer botnet controller located at 104.21.79.96 on port 80 (using HTTP GET): hXXp://telegka.top/sa115bayon $ dig +short telegka.top 104.21.79.96 Referencing malware binaries (MD5 hash): 00502f2c9c6bfcaa288f596aac9b415b — AV detection:…
Phishing payload against Nordea Bank (Nordics)
$ host 3920-nor.xyz 3920-nor.xyz has address 162.0.217.20 Phishing payload in a recent Nordea Bank phishing spam.
Phishing origination against Nordea Bank (Nordics)
Return-Path: <master@adg.ma> Received: from hokageweb.nindohost.net (hokageweb.nindohost.net [138.201.14.18]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by x (Postfix) with ESMTPS id x for <x>; Tue, 19 Oct 2021 ##:##:## +0300 (EEST) Authentication-Results: x; dkim=pass reason="2048-bit key" header.d=adg.ma header.i=@adg.ma header.b=GJrvjpat; dkim-adsp=pass DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=adg.ma; s=default; h=Content-Type:MIME-Version:Sender:To:Message-Id:Subject:Date:From :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive;…
Spamvertised website
Received: from mhkg.mta3.appspot.com (20.185.239.150) From: Facebook <[]@facebook.com> Subject: Tell us about your experience with Facebook being down and get $90 promo reward Date: Mon, 18 Oct 2021 18:11:41 +0200 https://dinoperks.page.link/rK6c 74.125.192.101 https://binocularsti.com/[] 165.227.177.110 https://distinctpedestrian.com/?s1=[]&s2=[]&s3=3410&s4=1638&ow=&s10=862 172.67.200.31 https://konicpirg.com/[] 172.67.187.213 https://waveyup.com/click?s2=[]&s1=[]&s3=3410&trvid=10496&s4=1638&ow=8 34.234.154.208 https://icelnkr.com/?a=310&c=457&s2=p[ 3.222.214.90 https://www.getzbuds.com/jtn3/?tracking1=XCI1S&tracking2=&tracking3=[]&tracking4=[] 104.21.54.210
Phishing origination against Nordea Bank (Nordics)
Return-Path: <email@govind.navodayawelfarefoundation.org> Received: from server.nephost.net (server.nephost.net [167.86.66.101]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by x (Postfix) with ESMTPS id x for <x>; Tue, 19 Oct 2021 ##:##:## +0300 (EEST) Authentication-Results: x; dkim=pass reason="2048-bit key" header.d=govind.navodayawelfarefoundation.org header.i=@govind.navodayawelfarefoundation.org header.b=PUhBwoyq; dkim-adsp=pass DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=govind.navodayawelfarefoundation.org; s=default; h=Content-Type: MIME-Version:Sender:To:Message-Id:Subject:Date:From:Reply-To:Cc: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:…
affiliate spam @waveyup.com
Received: from mhkg.mta3.appspot.com (20.185.239.150) From: Facebook <[]@facebook.com> Subject: Tell us about your experience with Facebook being down and get $90 promo reward Date: Mon, 18 Oct 2021 18:11:41 +0200 https://dinoperks.page.link/rK6c 74.125.192.101 https://binocularsti.com/[] 165.227.177.110 https://distinctpedestrian.com/?s1=[]&s2=[]&s3=3410&s4=1638&ow=&s10=862 172.67.200.31 https://konicpirg.com/[] 172.67.187.213 https://waveyup.com/click?s2=[]&s1=[]&s3=3410&trvid=10496&s4=1638&ow=8 34.234.154.208 https://icelnkr.com/?a=310&c=457&s2=p[ 3.222.214.90 https://www.getzbuds.com/jtn3/?tracking1=XCI1S&tracking2=&tracking3=[]&tracking4=[] 104.21.54.210
Credit card fraud gang hosting (DNS): zuganov-lox.ru (hacked-paypal-accounts-dump.ru / fe-shop.su / vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)
ns1.zuganov-lox.ru. 14400 IN A 185.244.149.231 ns2.zuganov-lox.ru. 14400 IN A 37.46.134.199 ____________________ Was: ns1.zuganov-lox.ru. 14400 IN A 164.132.216.32 ns2.zuganov-lox.ru. 14400 IN A 164.132.216.35 ____________________ Was: ns1.zuganov-lox.ru. 14400 IN A 83.220.174.184 ns2.zuganov-lox.ru. 14400 IN A 85.143.220.177 ____________________ Was: ns1.zuganov-lox.ru. 14400 IN A 109.248.133.96 ns2.zuganov-lox.ru. 14400 IN A 185.117.155.168 ____________________ Was: ns1.zuganov-lox.ru. 14400 IN A 94.142.143.206 ns2.zuganov-lox.ru. 14400…
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to "listbomb" email addresses: From: aidsmap bulletins <bulletins@bulletins.aidsmap.com> Subject: aidsmap news: Some people with HIV may have weaker response to COVID-19 vaccines, 19 October 2021 Problem description ============================ Spammers signed up for the bulk email service using the victim's email address. As a result, the victim…