The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 52.172.142.36 on port 333 TCP: $ telnet 52.172.142.36 333 Trying 52.172.142.36… Connected to 52.172.142.36. Escape character… Читать далее RevengeRAT botnet controller @52.172.142.36

business-copyrighthelp.ml copyright-help-supportbusiness.ml copyright-helpsupportbusiness.ml global-copyright-service.com globalcopyrightteam.tk helpcopyright-businessteam.ml instagram-businesshelp.ml instagram-help-copysright.ml instagram-help-violation.ml instagram-violation-helps.cf support-copyrighthelp.ml verificationsupportteam.com violation-team-instagram.ml

System distributing spam containing malware. eloquent-lamport.13-89-57-189.plesk.page. 3600 IN A 13.89.57.189 ===================================================================================== Return-Path: <customer@ups.com> Received: from eloquent-lamport.13-89-57-189.plesk.page (unknown [13.89.57.189]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by x (Postfix) with ESMTPS id x for <x>; Wed, 28 Oct 2020 xx:xx:xx +0100 (CET) Received: from SEND.yanhhzixwcpupp3w3haliaqwtd.bx.internal.cloudapp.net (unknown [13.68.146.125]) by eloquent-lamport.13-89-57-189.plesk.page (Postfix) with ESMTPSA… Читать далее malware distribution spam source at plesk.page

System originating spam containing malware. ===================================================================================== Return-Path: <customer@ups.com> Received: from eloquent-lamport.13-89-57-189.plesk.page (unknown [13.89.57.189]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by x (Postfix) with ESMTPS id x for <x>; Wed, 28 Oct 2020 xx:xx:xx +0100 (CET) Received: from SEND.yanhhzixwcpupp3w3haliaqwtd.bx.internal.cloudapp.net (unknown [13.68.146.125]) by eloquent-lamport.13-89-57-189.plesk.page (Postfix) with ESMTPSA id x; Wed, 28 Oct… Читать далее malware distribution spam origin

The host at this IP address is being (ab)used to «listbomb» email addresses: From: webseonilesh01@outlook.com Subject: Special offer Website Designing & development Service.. Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages and bulk email campaigns. Problem… Читать далее Abused / misconfigured newsletter service (listbombing)

The host at this IP address is being (ab)used to «listbomb» email addresses: From: wolfmatter@outlook.com Subject: Re: Follow Up Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages and bulk email campaigns. Problem resolution ============================ In order… Читать далее Abused / misconfigured newsletter service (listbombing)

Received: from X9.j4jcpgtohtpepdefuqvs1l0zac.yx.internal.cloudapp.net (unknown [13.78.139.210]) by mail.iqplus.info (Postfix) with ESMTPSA id xx; Received: from mail.iqplus.info (HELO mail.iqplus.info) (202.59.169.109) by xxx; Thu, 29 Oct 2020 06:0227:50 +0000 Received: from localhost (localhost [127.0.0.1]) by mail.iqplus.info (Postfix) with ESMTP id xx; Thu, 29 Oct 2020 13:22:46 +0700 (WIB) Received: from mail.iqplus.info ([127.0.0.1]) by localhost (mail.iqplus.info [127.0.0.1]) (amavisd-new, port… Читать далее Using hacked servers/accounts to send porn spam

104.211.74.243 amezomn-xy5q.cc 104.211.74.243 amezomn-gu6i.cc 104.211.74.243 amezomn-1npy.cc 104.211.74.243 amezomn-qqth.cc 104.211.74.243 amezomn-mrff.cc Somehow I do not think a legitimate AMAZON site would be on Azure.

Received: from miekofishing.se (52.138.203.122) From: Professional Branding and Networking <support@mail.pendaramyamya.com> Subject: You’ve Been Nominated by Who’s Who… Date: Sun, 01 Nov 2020 21:4x:xx +0000 http://lsutktu.khesnadollarplzzzzz.com/[] lsutktu.khesnadollarplzzzzz.com. 1799 IN A 5.181.156.210

The host at this IP address is emitting spam emails. Spam sample ========================================= From: monalisa.webdeveloper@outlook.com Subject: Re: New website or Re-building your existing website =========================================