njrat botnet controller @51.105.25.115

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 51.105.25.115 on port 6522 TCP: $ telnet 51.105.25.115 6522 Trying 51.105.25.115… Connected to 51.105.25.115. Escape character…

Filed under microsoft.com

NanoCore botnet controller @20.186.91.251

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 20.186.91.251 on port 5498 TCP: $ telnet 20.186.91.251 5498 Trying 20.186.91.251… Connected to 20.186.91.251. Escape character…

Filed under microsoft.com

Abused / misconfigured newsletter service (listbombing)

The host at this IP address is being (ab)used to «listbomb» email addresses: From: johnmarlenami@outlook.com Subject: Re: follow up. Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages and bulk email campaigns. Problem resolution ============================ In order…

Filed under microsoft.com

Malicious DNS server. pe-cuidemonos.com

52.174.26.138 is currently in use as a nameserver for spamvertized domains. This enables the resolving of spammed domains to the actual websites. This SBL record can only be removed if 52.174.26.138 stops answering DNS queries for spamvertized domain names. 1 Nameservers seen on 52.174.26.138: NS2.PE-CUIDEMONOS.COM — 365-office.us — 365onlineupdateboimobile.com — abmedic.net — acc0m1t-sc0ta8sup1.com — account-dashboard.net…

Filed under microsoft.com

Malicious DNS server. pe-cuidemonos.com

40.114.54.159 is currently in use as a nameserver for spamvertized domains. This enables the resolving of spammed domains to the actual websites. This SBL record can only be removed if 40.114.54.159 stops answering DNS queries for spamvertized domain names. 1 Nameservers seen on 40.114.54.159: NS1.PE-CUIDEMONOS.COM — 365-office.us — 365onlineupdateboimobile.com — abmedic.net — acc0m1t-sc0ta8sup1.com — account-dashboard.net…

Filed under microsoft.com

Spammer hosting @52.169.240.64

Spammer hosting located here: https://ketoopufunxvkhsmrt.blob.core.windows.net/ketoopufunxvkhsmrt/1dqgqcalkdh.html -> https://www.incorport.com/X --> https://www.thehealthysavers.com/de-healthenews-v1/?sub1=X --> https://clickandglory.com/click.track?CID=X ---> https://theketobodytone.com/bodytone_int_v2/?lang=X $ dig +short unsubscribepchar.blob.core.windows.net blob.db6prdstr06a.store.core.windows.net. 52.169.240.64 Spam sample ==================================================================== Received: from Abrouhline.com (unknown [185.250.205.70]) by X (Postfix) with ESMTP id X for <X>; Fri, 1 Jan 2021X Date: Fri, 01 Jan 2021 X From: «Keto BodyTone» <customer-service-@lixar.net> Subject: Revolutionare Medizin zur Gewichtsreduktion…

Filed under microsoft.com

LimeRAT botnet controller @40.88.6.254

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 40.88.6.254 on port 8008 TCP: $ telnet 40.88.6.254 8008 Trying 40.88.6.254… Connected to 40.88.6.254. Escape character…

Filed under microsoft.com

Spamming Indian app dev to harvested Whois contacts: NicoleGrabs@outlook.com

Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-oln040092071087.outbound.protection.outlook.com [40.92.71.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by xx; Mon, 4 Jan 2021 12:22:53 -0500 (EST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=xx ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xx ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;…

Filed under microsoft.com

Abused / misconfigured newsletter service (listbombing)

The host at this IP address is being (ab)used to «listbomb» email addresses: From: jyosani@outlook.com Subject: Your Website’s Google Ranking 1st Page Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages and bulk email campaigns. Problem resolution…

Filed under microsoft.com

Abused / misconfigured newsletter service (listbombing)

The host at this IP address is being (ab)used to «listbomb» email addresses: From: samscottss@outlook.com Subject: iPhone App Development Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages and bulk email campaigns. Problem resolution ============================ In order…

Filed under microsoft.com