Malware botnet controller @176.119.147.82
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 176.119.147.82 port 443:
$ telnet 176.119.147.82 443
Trying 176.119.147.82...
Connected to 176.119.147.82.
Escape character is '^]'.
…
spam emitter @213.139.208.76
Received: from s7.goronet.ru (213.139.208.76 [213.139.208.76])
Date: Fri, 11 Mar 2022 00:0x:xx +0000
From: Aleksandr <info@s7.goronet.ru>
Subject: Предложение ("Offer")
spam emitter @45.67.59.34
Received: from s1.goronet.ru (45.67.59.34 [45.67.59.34])
Date: Fri, 11 Mar 2022 00:1x:xx +0000
From: Aleksandr <info@s1.goronet.ru>
Subject: Предложение ("Offer")
Loki botnet controller @172.67.178.113
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 172.67.178.113 on port 80 (using HTTP POST):
hXXp://qtd8gcdoplav737wretjqmaiy.cf/Kent1/fre.php
$ dig +short qtd8gcdoplav737wretjqmaiy.cf
172.67.178.113
DCRat botnet controller @94.250.253.4
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. DCRat botnet controller located at 94.250.253.4 on port 80 (using HTTP GET):
hXXp://94.250.253.4/Wp/8testDownloads/0ProcessorTrafficmariadb/imageApiVoiddbpython/ProtonProcess/5/js/UniversalProcessVideoApi/7Base/Dlegeo58/2/ServerWindowsSql/2datalifeEternalsecure/processDefaultLinuxwindows.php
$ nslookup 94.250.253.4
melanieliza.fvds.ru
Referencing malware binaries (MD5 hash):
e7dac1680784996bdbd5f97595c351b4 — AV detection: 49…
Spam source @139.99.135.4
Received: from vps-ae327aa8.vps.ovh.ca (vps-ae327aa8.vps.ovh.ca [139.99.135.4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client did not present a certificate) by X (Postfix) with ESMTPS id X for <X>; Fri, 11 Mar 2022 X
Received: from [192.168.132.153] (unknown [154.6.22.34]) by vps-ae327aa8.vps.ovh.ca (Postfix) with ESMTPA id X; Fri, 11 Mar 2022 X
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: …
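The attribution in the listing above rests on reading the Received chain from the top: the hop written by the receiving MX names the emitting IP (139.99.135.4), and the hop below it shows that host accepting an authenticated submission (ESMTPA) from 154.6.22.34, which announced a private address as its HELO. The following is an added example, not code from the original page or from Spamhaus, that automates that reading. The sample headers are constructed to mirror the chain above (the OVH hostname and both IPs are from the report; the receiving MX name, recipient, queue IDs and timestamps are placeholders), and the function names are our own.

```python
import re
from ipaddress import ip_address

# Constructed sample modelled on the Received chain quoted above: a client at
# 154.6.22.34 (announcing the private address 192.168.132.153) submits through
# authenticated SMTP (ESMTPA) to an OVH VPS, which relays over TLS to the
# receiving MX. The OVH hostname and both IPs are taken from the report; the
# receiving MX name, recipient, queue IDs and timestamps are placeholders.
SAMPLE_HEADERS = """\
Received: from vps-ae327aa8.vps.ovh.ca (vps-ae327aa8.vps.ovh.ca [139.99.135.4])
\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
\t(Client did not present a certificate)
\tby mx.example.invalid (Postfix) with ESMTPS id 4KF1x2
\tfor <victim@example.invalid>; Fri, 11 Mar 2022 10:00:00 +0000
Received: from [192.168.132.153] (unknown [154.6.22.34])
\tby vps-ae327aa8.vps.ovh.ca (Postfix) with ESMTPA id 4KF1x1;
\tFri, 11 Mar 2022 09:59:58 +0000
From: Someone <someone@example.invalid>
Subject: test
"""

# Postfix-style clause: "from HELO (rDNS [IP]) ... by HOST ... with PROTO".
# "by" is located first so the "with" of a TLS comment ("with cipher ...")
# that precedes it is not mistaken for the protocol keyword.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"(?:.*?\bby\s+(?P<by>\S+))?"
    r"(?:.*?\bwith\s+(?P<proto>\S+))?"
)

# RFC 3848 "with" keywords meaning the client used SMTP AUTH: this hop is a
# submission by an account holder, not a relay between MTAs.
AUTH_PROTOS = {"ESMTPA", "ESMTPSA", "LMTPA", "LMTPSA", "UTF8SMTPA", "UTF8SMTPSA"}


def unfold(raw: str) -> list:
    """Join RFC 5322 folded header lines; stop at the blank line before the body."""
    headers = []
    for line in raw.splitlines():
        if line == "":
            break
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += " " + line.strip()
        else:
            headers.append(line)
    return headers


def received_hops(raw: str) -> list:
    """Parse every Received: header, most recent (the receiving MX's own) first."""
    hops = []
    for header in unfold(raw):
        if not header.lower().startswith("received:"):
            continue
        m = HOP_RE.search(header)
        if m:
            hops.append({k: (v or "") for k, v in m.groupdict().items()})
    return hops


def analyse(raw: str) -> dict:
    """
    Attribute a message. Only hops[0] (written by our own MX) is trustworthy;
    every hop below it was written by another party and may be forged, so we
    walk down only far enough to find where the message entered the mail system.
    Returns {} when no Received header could be parsed.
    """
    hops = received_hops(raw)
    if not hops:
        return {}
    result = {
        "emitter_ip": hops[0]["ip"],                          # what an SBL listing names
        "emitter_host": hops[0]["rdns"] or hops[0]["helo"],
        "injection_relay": None,                              # host that accepted SMTP AUTH
        "submitting_ip": None,                                # client behind that account
    }
    for hop in hops:
        if hop["proto"].upper() in AUTH_PROTOS:
            result["injection_relay"] = hop["by"]
            result["submitting_ip"] = hop["ip"]
            break
        try:
            if ip_address(hop["ip"]).is_private:
                break  # inside someone's LAN; nothing further down is attributable
        except ValueError:
            break      # unparsable address: treat the rest of the chain as untrusted
    return result


if __name__ == "__main__":
    print(analyse(SAMPLE_HEADERS))
```

On the sample this reports 139.99.135.4 as the emitter and vps-ae327aa8.vps.ovh.ca as the relay that accepted an authenticated submission from 154.6.22.34, which is the split an abuse desk needs: the listing goes against the emitting host, while the remediation is the compromised or abusive account on that host.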
Spam Hosting (peertechz.com) (PeertechZ) (OMICS)
This IP address hosts the A record and website of the domain peertechz.com. This domain belongs to PeertechZ, alias OMICS. OMICS has over 200 current and previous SBL listings. This is an aggressive spam operation that uses many business names.
Received: from kintex.ptechzmail.com (kintex.ptechzmail.com [64.44.41.4])
Received: from sys-PC (unknown [110.235.225.3])
Date: 11 Mar 2022 09:##:##…
Spam MX Services (peertechz.us) (PeertechZ) (OMICS)
This IP address hosts the A and MX records for the domain peertechz.us. This domain belongs to PeerTechZ, aka OMICS. OMICS is a publisher of "open-access" journals that solicits contributions and (by implication) fees and/or subscriptions, through spam sent to scraped, purchased or appended lists. OMICS has more than 200 current and previous SBL listings.…
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to "listbomb" email addresses:
From: Classic Club Golf <classicclubgolf@coursetrends.com>
Subject: Classic Club Golf — Callaway Fitting Experience Sign Up — March 15 from 10:00am to 2:00pm
Problem description
============================
Spammers signed up for the bulk email service using the victim's email address. As a result, the…
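The failure behind a listbombing report is a sign-up form that activates a subscription on the strength of a submitted address alone, so anyone can enrol a victim in thousands of lists. The example below is added here and is not the listed sender's code nor anything from the original page; it shows the confirmed opt-in gate a bulk mailer needs: an HMAC-signed, time-limited, single-use token that is only ever mailed to the address itself, and a cap on how many confirmation mails one address can be sent, because an unlimited stream of confirmation messages is itself a listbomb. Class and function names, the key, the 48-hour validity and the cap of three mails per day are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote, unquote

# Per-deployment signing key and policy knobs; assumed values, not from the page.
SIGNING_KEY = secrets.token_bytes(32)
TOKEN_TTL = 48 * 3600            # confirmation link validity, seconds
CONFIRM_MAILS_PER_DAY = 3        # cap on confirmation mails per address


def _sign(address: str, list_id: str, issued: int) -> str:
    """HMAC over (address, list, issue time) so a token cannot be minted or
    re-targeted without the server key."""
    msg = f"{address.lower()}|{list_id}|{issued}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


class SubscriptionService:
    """Confirmed (double) opt-in: no bulk mail goes to an address until a token
    that could only have been delivered to that address has been redeemed."""

    def __init__(self):
        self.pending = {}       # (address, list_id) -> outstanding token
        self.active = set()     # (address, list_id) pairs allowed to receive mail
        self.confirm_log = {}   # address -> times a confirmation mail was sent

    def request(self, address: str, list_id: str, now=None):
        """Sign-up form handler. Returns the token to mail to `address`, or
        None when the address has hit the confirmation-mail cap."""
        now = int(time.time() if now is None else now)
        addr = address.lower()
        recent = [t for t in self.confirm_log.get(addr, []) if now - t < 86400]
        if len(recent) >= CONFIRM_MAILS_PER_DAY:
            return None
        self.confirm_log[addr] = recent + [now]
        token = f"{quote(addr)}|{list_id}|{now}|{_sign(addr, list_id, now)}"
        self.pending[(addr, list_id)] = token   # replaces any earlier token
        return token

    def confirm(self, token: str, now=None) -> bool:
        """Confirmation-link handler: check format, expiry, signature, and that
        this is the token currently outstanding for the (address, list)."""
        now = int(time.time() if now is None else now)
        try:
            addr_q, list_id, issued_s, sig = token.split("|")
            addr, issued = unquote(addr_q).lower(), int(issued_s)
        except ValueError:
            return False
        if now - issued > TOKEN_TTL:
            return False
        if not hmac.compare_digest(sig, _sign(addr, list_id, issued)):
            return False
        key = (addr, list_id)
        if self.pending.get(key) != token:
            return False                          # unknown, superseded or already used
        del self.pending[key]
        self.active.add(key)
        return True

    def may_send(self, address: str, list_id: str) -> bool:
        """The only gate the bulk sender consults; 'pending' never qualifies."""
        return (address.lower(), list_id) in self.active


if __name__ == "__main__":
    svc = SubscriptionService()
    tok = svc.request("victim@example.invalid", "golf-news")
    print("may send before confirmation:", svc.may_send("victim@example.invalid", "golf-news"))
    print("confirmed:", svc.confirm(tok))
    print("may send after confirmation:", svc.may_send("victim@example.invalid", "golf-news"))
```

The essential property is that `may_send` consults only `active`, which is populated solely by `confirm`; the sign-up form can fill `pending` with anything, and the worst it can do is trigger at most a few confirmation mails per address per day.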
Spam Emitter (Skills Network Training & Consultancy) (P2P Hub)
This IP address is sending spam for an operator of business training seminars and webinars that spams third-party lists. The current business name that we see is "Skills Network Training & Consultancy", but various other features point to this being the entity that used the name "P2B Hub" last year.
Received: from server.trainingclub.club (server.trainersclub.club [194.233.73.229])…