AveMariaRAT botnet controller @52.146.42.226

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 52.146.42.226 on port 5600 TCP:

$ telnet 52.146.42.226 5600
Trying 52.146.42.226...
Connected to 52.146.42.226.
Escape character…

Filed under: microsoft.com

Abused / misconfigured newsletter service (listbombing)

The host at this IP address is being (ab)used to "listbomb" email addresses:

From: info@tropicalcentre.com
Subject: Happy holidays!

Problem description
============================
Spammers signed up for the bulk email service using the victim's email address. As a result, the victim is being "listbombed" with transactional messages and bulk email campaigns.

Problem resolution
============================
In order to…


Spammer hosting @20.150.75.36

Spammer hosting located here:

https://kbxpbapttqisxgyflhne.blob.core.windows.net/kbxpbapttqisxgyflhne/1dqgqcalkdh.html
-> https://www.glowtrk5.com/X/X/?creative_id=X
--> https://secure.trafficlink2000.com/?c=X&s1=X&s2=X
--> http://www.green-coff.ee/aff_c?offer_id=X&aff_id=X&url_id=X&source=Traffic&aff_sub=X&aff_sub2=X
---> https://nutri.go2cloud.org/aff_c?offer_id=X&aff_id=X&url_id=X&source=Traffic&aff_sub=X&aff_sub2=X
----> https://curcuma3.protibio.de/?refID=X

$ dig +short kbxpbapttqisxgyflhne.blob.core.windows.net
blob.db3prdstr19a.store.core.windows.net.
20.150.75.36

Spam sample
=================================
Received: from nrap.arguanline.com (unknown [191.96.55.40]) by X (Postfix) with ESMTP id X for <X>; Tue, 22 Dec 2020 X
Date: Tue, 22 Dec 2020 X
From: "Curcuma" <services@arguanline.com>
Subject: =?UTF-8?B?Q3VyY3VtYSwgZGFzIEdlc3VuZGhlaXRzIGdld8O8cnogZ2VnZW4gU2NobWVyemVuIQ==?=
To:…


Spammer hosting @52.239.139.100

Spammer hosting located here:

https://xiyesqyirxvpdsrluhjj.blob.core.windows.net/X
-> https://www.glowtrk5.com/X
--> https://dahit.co/X
--> https://goldenpromi.com/41/nutislic-m-med/gps/?ac=X
---> https://bestsupportchannel.com/41/nutislic-m-med/gps/?req-id=X

$ dig +short xiyesqyirxvpdsrluhjj.blob.core.windows.net
blob.dub07prdstr09a.store.core.windows.net.
52.239.139.100

Spam sample
====================================================================
Received: from arguanline.com (unknown [191.96.55.39]) by X (Postfix) with ESMTP id X for <X>; Wed, 23 Dec 2020 X
Date: Wed, 23 Dec 2020 X
From: "=?UTF-8?B?WmVudHJ1bSBmw7xyIFNjaMO2bmUgRmlndXI=?=" <services@arguanline.com>
Subject: =?UTF-8?B?VmVyYnJlbm5lbiBTaWUgZGFzIEvDtnJwZXJmZXR0IG3DvGhlbG9zLCBvaG5lIEZhc3Rlbmt1ciBvZGVyIEpvam8tRWZmZWt0?=
To: X
MIME-Version:…


Spamming to harvested whois contacts: razawebsaluction@hotmail.com

Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12olkn2054.outbound.protection.outlook.com [40.92.22.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by xx; Thu, 24 Dec 2020 02:22:15 -0500 (EST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=x
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xx
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;…


Spam source @40.92.18.69

The host at this IP address is emitting spam emails.

Spam sample
=========================================
From: mohdasifvb@outlook.com
Subject: Web Design
=========================================


AveMariaRAT botnet controller @52.171.193.104

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 52.171.193.104 on port 7707 TCP:

$ telnet 52.171.193.104 7707
Trying 52.171.193.104...
Connected to 52.171.193.104.
Escape character…


BitRAT botnet controller @51.11.247.87

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 51.11.247.87 on port 2053 TCP:

$ telnet 51.11.247.87 2053
Trying 51.11.247.87...
Connected to 51.11.247.87.
Escape character…


NanoCore botnet controller @51.103.152.3

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 51.103.152.3 on port 9084 TCP:

$ telnet 51.103.152.3 9084
Trying 51.103.152.3...
Connected to 51.103.152.3.
Escape character…


Malware botnet controller @20.185.49.145

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 20.185.49.145 on port 8081 TCP:

$ telnet 20.185.49.145 8081
Trying 20.185.49.145...
Connected to 20.185.49.145.
Escape character…
