Spam source @52.100.6.236
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01hn2236.outbound.protection.outlook.com [52.100.6.236]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (not verified)) by X (Postfix) with ESMTPS id X for <X>; Fri, 25 Feb 2022 X […] Received: from VI1PR02MB4448.eurprd02.prod.outlook.com ([fe80::bc17:9c21:c8ea:7976]) by VI1PR02MB4448.eurprd02.prod.outlook.com ([fe80::bc17:9c21:c8ea:7976%3]) with mapi id X; Fri, 25 Feb 2022 X Message-ID: <X@illyes-heviz.hu>…
Spam source @40.107.212.83
Received: from NAM02-BN1-obe.outbound.protection.outlook.com (mail-bn1nam07on2083.outbound.protection.outlook.com [40.107.212.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (not verified)) by X (Postfix) with ESMTPS id X for <X>; Thu, 24 Feb 2022 X […] Received: from DM6PR17MB2457.namprd17.prod.outlook.com ([fe80::f00b:8ea5:2683:eb8c]) by DM6PR17MB2457.namprd17.prod.outlook.com ([fe80::f00b:8ea5:2683:eb8c%6]) with mapi id X; Thu, 24 Feb 2022 X Message-ID: <X@estudiantes.cordillera.edu.ec>…
Spam source @52.100.20.249
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05hn2249.outbound.protection.outlook.com [52.100.20.249]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (not verified)) by X (Postfix) with ESMTPS id X for <X>; Thu, 24 Feb 2022 X […] Received: from VI1PR0102MB3184.eurprd01.prod.exchangelabs.com ([fe80::2c43:8fa2:e976:6927]) by VI1PR0102MB3184.eurprd01.prod.exchangelabs.com ([fe80::2c43:8fa2:e976:6927%3]) with mapi id X; Thu, 24 Feb 2022 X Message-ID: <X@ipcbcampus.pt>…
Spam Hosting/Web (panelb.openacessaustinjunls.info) (Austin Publishing) (OMICS)
This IP address hosts the A and MX records of the domain openacessaustinjunls.info. This domain handles web-based unsubscriptions for spam sent by Austin Publishing, aka OMICS. OMICS is a publisher of "open-access" journals that solicits contributions and (by implication) subscriptions through spam sent to scraped, purchased or appended email addresses. OMICS sends a great deal…
Loki botnet controller @172.67.180.126
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 172.67.180.126 on port 80 (using HTTP POST): hXXp://brokenskulltechnologies.tk/BN1/fre.php $ dig +short brokenskulltechnologies.tk 172.67.180.126 Referencing malware binaries (MD5 hash): 33e915c5057bbb6481b2d492d1bde0ed — AV detection:…
Spamvertised website
2022-02-24 gotogml.com. 60 IN A 147.182.245.65 2022-02-24 gotogml.com. 60 IN A 213.166.70.250 2022-02-24 gotogml.com. 60 IN A 213.166.70.175 2022-02-23 gotogml.com. 60 IN A 37.140.197.206 2022-02-20 gotogml.com. 60 IN A 45.8.127.154 2022-02-01 gotogml.com. 60 IN A 194.87.1.4 2022-01-31 gotogml.com. 60 IN A 194.87.1.5 2022-01-20 gotogml.com. 60 IN A 194.87.185.11 2022-01-18 gotogml.com. 60 IN A 5.188.160.30 Received:…
Spamvertised website
Received: from orangepix.it (194.54.80.107) From: REFINⱭNSIERING <[]@centreforautism.ab.ca> Date: Thu, 24 Feb 2022 10:3x:xx +0000 Subject: SØK FORBRUKSLÅN INNTIL 500.000 KR https://s3.amazonaws.com/55s4dfs5454/54sdf45s4df87.html#qs=[] 52.216.86.165 http://bnetmail.net/qs=[] 199.249.170.125 https://koffdeal.com/?a=1478&oc=12541&c=35950&m=3&s1=[]&s2=[]&s3=55 35.204.100.162
Botnet spammed phishing domains: Phishing Google users.
213.226.112.51 google-site-verification.com 2022-02-24 03:39:57 213.226.112.51 googletags-manager.com 2022-02-24 03:31:59 213.226.112.51 script-analytic.com 2022-02-24 03:20:42 213.226.112.51 script-analytics.com 2022-02-24 03:37:01 _____________ Was: 92.38.149.48 google-site-verification.com 2022-02-23 04:18:27 92.38.149.48 googletags-manager.com 2022-02-23 04:36:48 92.38.149.48 script-analytic.com 2022-02-23 04:21:14 92.38.149.48 script-analytics.com 2022-02-23 04:41:09 _____________ Was: google-site-verification.com. 600 IN A 5.188.88.60 googletags-manager.com. 600 IN A 5.188.88.60 5.188.88.60 access-tdaccount.com 2022-02-15 00:00:29 5.188.88.60 apply-gov-covid.com 2021-10-25 11:36:32 5.188.88.60…
Loki botnet controller @188.114.97.15
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 188.114.97.15 on port 80 (using HTTP POST): hXXp://afripot.buzz/oluwa/five/fre.php $ dig +short afripot.buzz 188.114.97.15 Referencing malware binaries (MD5 hash): 00d56ddd073fc4e20d90087fd63a4dfc — AV detection:…
Socelars botnet controller @185.169.252.236
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Socelars botnet controller located at 185.169.252.236 on port 80 (using HTTP POST): hXXp://www.ekgcp.com/Home/Index/hdecny $ dig +short www.ekgcp.com 185.169.252.236 $ nslookup 185.169.252.236 vmi803628.contaboserver.net Referencing malware binaries (MD5 hash):…