AsyncRAT botnet controller @52.183.37.26
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 52.183.37.26 on port 1452 TCP:
$ telnet 52.183.37.26 1452
Trying 52.183.37.26…
Connected to 52.183.37.26.
Escape character…
spam emitter @62.210.127.72
Received: from zimbra.tieline.com (62.210.127.72)
From: Antivirus Norton;<noreply@email.ellos.no>
Subject: Siste paminnelse om at antivirusprogrammet ditt utløper om 24 timer
Date: Fri, 15 Oct 2021 16:1x:xx -0400
Spamvertised website
Received: from mail-wm1-x32a.google.com ([2a00:1450:4864:20::32a])
From: Temobase Clothing <nitdaica@gmail.com>
Reply-To: nancy@temogearstore.com
Date: Sat, 16 Oct 2021 02:30:07 +0900
Subject: 4 gift ideas for you, []!
https://fbtees.bar/[] 198.54.115.238
https://trendtify.shop/[] 66.29.141.34
https://trontee.com/[] 34.149.47.41
T-shirt spammer landing sites.
84 t-shirt spam domains land here. (Correction 161 domains and a long history…) There is no point listing them because they change regularly. Here is just ONE: trontee.com
phishing / fraud sites
onlinearoisecurityupdated.com has address 35.155.30.240
validate-myitem.com has address 35.155.30.240
myitem-fee.delivery has address 35.155.30.240
presidentialrelief.work has address 35.155.30.240
myitem-attemptfee.com has address 35.155.30.240
portal-logonactivity.com has address 35.155.30.240
Carding fraud site/forum: c2bit.mu etc.
https://u.to/UzssGA >>> http://c2bit.mu/en/#/
http://vn5socks.net/images/c2bit1.gif

c2bit.pw. 600 IN A 95.213.216.158
c2bit.mu. 600 IN A 95.213.216.158

Was:
c2bit.pw. 600 IN A 85.192.56.93
c2bit.mu. 600 IN A 85.192.56.93

Was:
c2bit.pw. 600 IN A 193.187.175.129
c2bit.mu. 600 IN A 193.187.175.129

Was:
c2bit.pw. 600 IN A 5.188.88.83
c2bit.mu. 600 IN A 5.188.88.83

Was:
c2bit.pw. 600 IN…
Suspected Snowshoe Spam IP Range
Based on research, analysis of network data, our ‘snowshoe’ spam detection systems, intelligence sources and our experience, Spamhaus believes that this IP address range is being used or is about to be used for the purpose of high volume ‘snowshoe’ spam emission. As a precaution therefore we are listing this IP range in an SBL…
spam support (domains)
domain used in spam operation
w45hw345h.xyz|192.64.119.231
affiliate spam @erafinans.no
Received: from s22020.in.dimiwuh.eu (212.236.220.20)
From: Era Finans på vegne av Travelwop <info@in.dimiwuh.eu>
Subject: Refinansiering av smålån og kredittkort
Date: Fri, 15 Oct 2021 06:3x:xx +0000
http://in.dimiwuh.eu/r?up=[] 188.95.249.200
http://rls.go2cloud.org/aff_c?offer_id=108&aff_id=1&url_id=230&aff_sub2=1294&aff_sub3=[]&aff_sub4=[] 34.198.147.111
https://erafinans.no/?campaign=830&clickid=[]&affid=123456 159.65.196.24