AS211849 IP Hijacking operation
Routing Stolen IP blocks. hXXps://bgp.he.net/AS211849#_prefixes
    3 vl199-ds2-j2-r5-19-16.ams1.constant.com (173.199.113.193) 94.9ms
    ** [neglected] no reply packets received from TTLs 4 through 6
    7 ae-2-3204.edge4.Stockholm2.Level3.net (4.69.135.162) 117.7ms
    8 213.249.107.130 114.2ms
    9 95.167.93.75 185.0ms
    ** [neglected] no reply packets received from TTL 10
    11 48.149.173.1 224.3ms
    Origin-AS: 211849
    Prefix: 48.149.173.0/24
    AS-Path: 8220 1299 12389 211849
    AS-Org-Name: KAKHAROV-AS
    Org-Name: The…
Spam support service
We currently consider Beget LLC a "spam support service" according to Spamhaus SBL policy. Beget LLC is providing bulletproof domain registration services to botnet operators and rejects abuse reports sent by Spamhaus and 3rd parties:
    ==================================
    <support@beget.com>: host mx1.beget.com[5.101.158.68] said: 550-Message discarded as high-probability spam. Contact support@beget.ru ( 550 1mTIPl-0005Sw-6a ) (in reply to end…
Malware / Botnet / Phishing hosting server @82.202.194.6
According to our telemetry and our own intelligence, the host at this IP address has been set up by cyber criminals for the exclusive purpose of hosting phishing sites, malware distribution sites and/or botnet controllers. We therefore advise our users to block any traffic from/to this IP address. Malware botnet controller located at 82.202.194.6 on port…
spam emitters
Spam emissions seen from:
    31.172.134.170
    31.172.134.171
    31.172.134.172
    31.172.134.173
    31.172.134.174
    Received: from s8.megojom.ru (31.172.134.173 [31.172.134.173])
    Date: Sun, 3 Oct 2021 09:3x:xx +0000
    From: Aleksandr <info@s8.megojom.ru>
    Subject: Предложение
Phishing server
    rdx-irsclaimdoantion.com has address 34.66.194.119
    claimtaxdoantionusa.com has address 34.66.194.119
    ustaxclaimdonation.com has address 34.66.194.119
    rdx-usataxtretruns.com has address 34.66.194.119
    usataxclaim.com has address 34.66.194.119
Spamvertised domain hosting
    Received: from loop.xtivant.digital ([2.58.148.100]) by [] (8.14.7/8.14.7) with ESMTP id [] for []; Sat, 2 Oct 2021 12:[]:[] -0400
    Authentication-Results: []
    DKIM-Signature: []
    DomainKey-Signature: []
    Mime-Version: 1.0
    Content-Type: multipart/alternative; boundary="[]"
    Date: Sat, 2 Oct 2021 18:[]:[] +0200
    From: "Ernest Craig" <selfdefense@xtivant.digital>
    Reply-To: "Ernest Craig" <selfdefense@xtivant.digital>
    Subject: "I Was In Hell" Serial Robber Terrified After Entering…
Malware / Botnet / Phishing hosting server @213.178.155.79
According to our telemetry and our own intelligence, the host at this IP address has been set up by cyber criminals for the exclusive purpose of hosting phishing sites, malware distribution sites and/or botnet controllers. We therefore advise our users to block any traffic from/to this IP address. Malware botnet controller located at 213.178.155.79 on port…
Malware botnet controller @149.202.234.238
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 149.202.234.238 on port 443:
    $ telnet 149.202.234.238 443
    Trying 149.202.234.238...
    Connected to 149.202.234.238.
    Escape character is '^]'
    gcl-page.biz. 60 IN A 46.8.29.140
spam emitter @185.143.174.147
    Received: from s5.alinjgom.ru (185.143.174.147 [185.143.174.147])
    Date: Sat, 2 Oct 2021 07:0x:xx +0000
    From: Aleksandr <info@s5.alinjgom.ru>
    Subject: Предложение
Malware distribution @51.254.164.241
The host at this IP address is currently being used to distribute malware. Malware distribution located here:
    hXXp://51.254.164.241/44471.1691809028.dat
    $ nslookup 51.254.164.241
    ip241.ip-51-254-164.eu
Referencing malware binaries (MD5 hash): 48350ac73f83379ad2378b89c5be68bd - AV detection: 3 / 59 (5.08)