btobtrends.com (BtoBtrends) (SECOND SBL LISTING!)
Several IP addresses within 185.187.116.0/27 are sending spam for btobtrends.com (BtoBtrends) to a number of spamtraps that collectively must have been scraped, purchased, or obtained from an email appender. This is outright spam and is not acceptable. MsgFocus (Upland): Please deal with your spamming customer. Received: from mail116-100.us2.msgfocus.com (mail116-100.us2.msgfocus.com [185.187.116.100]) Date: Sat, 26 Feb 2022…
Hosting phishing domains
Loki botnet controller @176.119.147.3
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 176.119.147.3 on port 80 (using HTTP POST): hXXp://hstfurnaces.net/gd4/fre.php $ dig +short hstfurnaces.net 176.119.147.3 Referencing malware binaries (MD5 hash): 0d5b6c1f4ae4856fb7e00acd033c7938 — AV detection:…
AsyncRAT botnet controller @129.151.83.165
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 129.151.83.165 on port 7177 TCP: $ telnet 129.151.83.165 7177 Trying 129.151.83.165… Connected to 129.151.83.165. Escape character…
Assorted phish landing sites.
Chinese phisher landing sites by the bushel. URLs like: hxxps://kddli.oaiu.zxbssw.xyz hxxps://kidi.aui.cxvdef.xyz hxxps://aiui.kads.brswfs.xyz hxxps://viu.kddl.vaexcm.xyz hxxps://kaidi.iuia.eqexc.xyz All KDDI AU phish.
Malware / Botnet / Phishing hosting server @185.185.70.179
According to our telemetry and our own intelligence, the host at this IP address has been set up by cyber criminals for the exclusive purpose of hosting phishing sites, malware distribution sites and/or botnet controllers. We therefore advise our users to block any traffic from/to this IP address. Malware botnet controller located at 185.185.70.179 port 443…
spam source (again)
AsyncRAT botnet controller @3.140.223.7
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 3.140.223.7 on port 19070 TCP: $ telnet 3.140.223.7 19070 Trying 3.140.223.7… Connected to 3.140.223.7. Escape character…
Credit card fraud gang hosting (DNS): idinaxui-netspama.ru (vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)
Stolen credit card data websites (DNS servers).