Socelars botnet controller @178.238.230.180

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Socelars botnet controller located at 178.238.230.180 on port 80 (using HTTP POST):
hXXp://www.cakederam.com/Home/Index/djksye

$ dig +short www.cakederam.com
178.238.230.180

$ nslookup 178.238.230.180
vmi476613.contaboserver.net

Filed under contabo.de

spam source

[!] This SBL record is to show an example of ongoing network abuse. It currently is not being published in the SBL list, but is instead being presented on the webpage so that the network owner has evidence to investigate and correct the problem.

w+ 54.240.8.58 a8-58.smtp-out.amazonses.com "a8-58.smtp-out.amazonses.com" 2022-02-17T23:00:00Z (+/-10 min) 54.240.8.58/32 (54.240.8.58 .. 54.240.8.58)…

Filed under amazon.com

spam source


Filed under amazon.com

Hosting phishing domains


Filed under sprinthost.ru

Credit card fraud gang hosting (DNS): idinaxui-netspama.ru (vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)

Stolen credit card data websites (DNS servers):

Filed under ruvds.com

Spam source @52.100.175.209

Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05hn2209.outbound.protection.outlook.com [52.100.175.209]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (not verified)) by X (Postfix) with ESMTPS id X for <X>; Sat, 19 Feb 2022 X
[…]
Received: from DU0PR01MB9285.eurprd01.prod.exchangelabs.com (2603:10a6:10:35d::11) by AM6PR0102MB3336.eurprd01.prod.exchangelabs.com (2603:10a6:209:5::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id X; Sat, 19 Feb…

Filed under microsoft.com

Spam source @52.100.19.39

Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-cy1gcc01bn2039.outbound.protection.outlook.com [52.100.19.39]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (not verified)) by X (Postfix) with ESMTPS id X for <X>; Sat, 19 Feb 2022 X
[…]
Received: from AM0PR05MB5649.eurprd05.prod.outlook.com (2603:10a6:208:113::16) by VI1PR05MB5408.eurprd05.prod.outlook.com (2603:10a6:803:8e::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id X; Sat, 19 Feb…

Filed under microsoft.com

Spam source @52.100.173.227

Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11hn2227.outbound.protection.outlook.com [52.100.173.227]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (not verified)) by X (Postfix) with ESMTPS id X for <X>; Sat, 19 Feb 2022 X
[…]
Received: from DM6PR05MB6091.namprd05.prod.outlook.com (2603:10b6:5:38::18) by DM6PR05MB4586.namprd05.prod.outlook.com (2603:10b6:5:9c::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id X; Sat, 19 Feb…

Filed under microsoft.com

Spam source @52.100.163.223

Received: from NAM04-BN8-obe.outbound.protection.outlook.com (mail-bn8nam08hn2223.outbound.protection.outlook.com [52.100.163.223]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (not verified)) by X (Postfix) with ESMTPS id X for <X>; Sat, 19 Feb 2022 X
[…]
Received: from SN6PR04MB5341.namprd04.prod.outlook.com (2603:10b6:805:f3::16) by SN6PR04MB4206.namprd04.prod.outlook.com (2603:10b6:805:3a::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id X; Sat, 19 Feb…

Filed under microsoft.com

Spam source @52.100.162.243

Received: from NAM04-MW2-obe.outbound.protection.outlook.com (mail-mw2nam08hn2243.outbound.protection.outlook.com [52.100.162.243]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (not verified)) by X (Postfix) with ESMTPS id X for <X>; Sat, 19 Feb 2022 X
[…]
Received: from SN6PR01MB4655.prod.exchangelabs.com (2603:10b6:805:d1::16) by BL0PR01MB5265.prod.exchangelabs.com (2603:10b6:208:76::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id X; Sat, 19 Feb…

Filed under microsoft.com