Received: from mail.hyiess.live ([165.227.47.22]) From: «Account Manager» <contact@hyiess.live> Subject: [], uw saldo is onlangs bijgewerkt Date: Fri, 15 Apr 2022 11:0x:xx -0700 Previous SBL listings associated with this operation tied to Digital Ocean: SBL547587 159.223.234.252 2022-04-15 SBL547509 159.203.35.163 2022-04-14 SBL547508 128.199.112.150 2022-04-14 SBL547390 143.198.177.2 2022-04-12 SBL547337 64.225.11.205 2022-04-12 SBL547269 165.22.20.199 2022-04-11 SBL547231 142.93.159.24 2022-04-11 SBL547002… Read more: spam emitter @165.227.47.22
Malware botnet controller @198.244.224.100
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller at 198.244.224.100 on port 443. $ telnet 198.244.224.100 443 Trying 198.244.224.100… Connected to 198.244.224.100. Escape character is '^]'. Malicious domains observed at this IP… Read more: Malware botnet controller @198.244.224.100
Spam MX Services (jellyfish.systems) (OMICS)
MX services at the jellyfish.systems domain are once again providing MX services to at least one, and probably several, OMICS domains. Received: from hwsrv-951687.hostwindsdns.com (hwsrv-951687.hostwindsdns.com [104.168.218.125]) Received: from jcrcopenaccess.live (myway.myopenaccess.live [103.30.17.53]) Date: Thu, 14 Apr 2022 02:##:## +0000 From: Opast Online Publishing Group <info@max500.live> Reply-To: Opast Online Publishing Group <editor.<x>@openaccessjournalsnews.com> Subject: Submissions for Upcoming Issue… Read more: Spam MX Services (jellyfish.systems) (OMICS)
Spam MX (Opast Publishing Group) (OMICS)
GoDaddy hosts the A record and provides domain registration for the domain openaccessjournalsnews.com. This domain is registered by OMICS, a publisher of open-access journals that solicits contributions and (by implication) subscriptions through spam sent to scraped, purchased or appended email addresses. This domain appears in dropbox email addresses in Reply-To headers of spam, which means… Read more: Spam MX (Opast Publishing Group) (OMICS)
spam emitter @159.223.234.252
Received: from mail.kesylife.live ([159.223.234.252]) From: «BTC Account» <contact@kesylife.live> Subject: [], er is nieuwe activiteit in uw BTC-account Date: Fri, 15 Apr 2022 07:4x:xx -0700 Previous SBL listings associated with this operation tied to Digital Ocean: SBL547509 159.203.35.163 2022-04-14 SBL547508 128.199.112.150 2022-04-14 SBL547390 143.198.177.2 2022-04-12 SBL547337 64.225.11.205 2022-04-12 SBL547269 165.22.20.199 2022-04-11 SBL547231 142.93.159.24 2022-04-11 SBL547002 64.227.34.236… Read more: spam emitter @159.223.234.252
RemcosRAT botnet controller @198.244.135.118
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 198.244.135.118 on port 9764 TCP: $ telnet 198.244.135.118 9764 Trying 198.244.135.118… Connected to 198.244.135.118. Escape character… Read more: RemcosRAT botnet controller @198.244.135.118
Assorted phish landing sites.
Every one of these is phishing. Usually Chinese phishers trying to steal Japanese credit cards. 34.92.70.206 aeoncojapan.redirectme.net 34.92.70.206 aeonjaocnote.myddns.me 34.92.70.206 etc-meisano.myddns.me 34.92.70.206 aeonjaopan.3utilities.com 34.92.70.206 etc-meisnaijp.3utilities.com 34.92.70.206 aeonjapamoce.onthewifi.com 34.92.70.206 etc-meisajpant.onthewifi.com 34.92.70.206 aeonjapoain.freedynamicdns.net 34.92.70.206 etc-meisanjpan.freedynamicdns.net 34.92.70.206 amaoznejapane.ga 34.92.70.206 amaoznejapane.ml 34.92.70.206 amaoznejapcom.cf 34.92.70.206 amazonjap.crabdance.com 34.92.70.206 etc-meisaijpan.crabdance.com 34.92.70.206 amazonjapance.ddnsking.com 34.92.70.206 etc-meiasaijp.cf 34.92.70.206 etc-meiasaijp.gq 34.92.70.206 etc-meiasaijp.ml 34.92.70.206 etc-meisaiajp.ga 34.92.70.206 etc-meisaijapn.barvennon.com… Read more: Assorted phish landing sites.
AZORult botnet controller @172.67.193.69
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. AZORult botnet controller located at 172.67.193.69 on port 80 (using HTTP POST): hXXp://e4v5sa.xyz/PL341/index.php $ dig +short e4v5sa.xyz 172.67.193.69 Referencing malware binaries (MD5 hash): 0b71a53b75074c03a48bf23774b1c5f1 — AV detection:… Read more: AZORult botnet controller @172.67.193.69