Based on research, analysis of network data, our ‘snowshoe’ spam detection systems, intelligence sources and our experience, Spamhaus believes that this IP address range is being used or is about to be used for the purpose of high volume ‘snowshoe’ spam emission. As a precaution therefore we are listing this IP range in an SBL…
Loki botnet controller @172.67.205.83
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Loki botnet controller located at 172.67.205.83 on port 80 (using HTTP POST):
hXXp://74f26d34ffff049368a6cff8812f86ee.ml/BN22/fre.php
$ dig +short 74f26d34ffff049368a6cff8812f86ee.ml
172.67.205.83
Other malicious domain names hosted on this IP address:…
affiliate spam @upxstream.com
Received: from mail-sor-f41.google.com (mail-sor-f41.google.com. [209.85.220.41]) From: 8op1uq37k9i <jack3458smi@gmail.com> Date: Tue, 5 Oct 2021 15:38:15 -0700 Subject: vhsbmrjjc3xf2af sr8u1r969k3 ncr15ktm Re: h2zbw3uoay
Spam support service
We currently consider Beget LLC as «spam support service» according to Spamhaus SBL policy. Beget LLC is providing bulletproof domain registration services to botnet operators.
phishing server
navyfederalusa.com has address 129.213.41.153 ƞavyfederạl.com has address 129.213.41.153
phishing server
Loki botnet controller @82.202.194.8
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Loki botnet controller located at 82.202.194.8 on port 80 (using HTTP POST):
hXXp://checkvim.com/fd3/fre.php
checkvim.com. 600 IN A 82.202.194.8
Referencing malware binaries (MD5 hash):
641e4b752fd10161725fb21afd0fa938 — AV detection:…
Malware / Botnet / Phishing hosting server @31.184.249.175
According to our telemetry and our own intelligence, the host at this IP address has been set up by cyber criminals for the exclusive purpose of hosting phishing sites, malware distribution sites and/or botnet controllers. We therefore advise our users to block any traffic from/to this IP address. Malware botnet controller located at 31.184.249.175 on port…
Smoke Loader botnet controller @194.169.163.96
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Smoke Loader botnet controller located at 194.169.163.96 on port 80 (using HTTP POST):
hXXp://paishancho17.top/
$ dig +short paishancho17.top
194.169.163.96
Referencing malware binaries (MD5 hash):
4854a42e3f0e398b5555a9e1af39aefd — AV…
FastFlux hosting provider — who use hacked servers to host malware, phish, etc. (DNS server)
https://bulletproof-hosting.com >>> https://bulletproof.su/? >>> https://t.me/ffservice?