Fake URL shorteners
phishing server
IP : nvcdlv.com has address 20.97.174.195 # TITLE — Welcome | USPS
Malware botnet controller @135.125.241.37
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 135.125.241.37 on port 443:
$ telnet 135.125.241.37 443
Trying 135.125.241.37...
Connected to 135.125.241.37.
Escape character is '^]'
ads-memory.biz. 60 IN A 135.125.241.37…
spam source
45.33.38.213 45-33-38-213.ip.linodeusercontent.com "norditd.tk" 2022-02-18T14:00:00Z (+/-10 min)
45.33.38.213/32 (45.33.38.213 .. 45.33.38.213)
== Sample ==========================
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=dkim; d=norditd.tk; h=Date:To:From:Reply-To:Subject:Message-ID:List-Unsubscribe:MIME-Version: Content-Type; i=admin@norditd.tk; bh=.*=; b=.*Z.*z.*z.*6.*O.* .*A.*h.*fR.*R.*f.* .*U.*7.*V.*=
Date: .*
Return-Path: return@nordith.ml
To: .*
From: .* <admin@norditd.tk>
Reply-To: admin@norditd.tk
Subject: =?UTF-8?Q?1000%_Bonus_Pack_from_.*_=F0=9F=94=A5?=
Message-ID: <.*b.*aa.*9.*1.*a.*@nordith.ml>
List-Unsubscribe: <http://nordith.ml/mailer/unsubscribe.php?id=P.*N.*h.*ZT.*Y.*5.*QG5vcmRpdGgubWw%2B>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1_.*0.*18.*a.*8.*6.*7.*"
--b1_.*0.*18.*a.*8.*6.*7.*
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
=09…
spam source
3.18.50.110 campaign.theartcraftgroup.com "campaign.theartcraftgroup.com" 2022-02-17T17:20:00Z => 2022-02-17T17:40:00Z (+/-10 min)
3.18.50.110/32 (3.18.50.110 .. 3.18.50.110)
== Sample ==========================
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=promotionsnow.com; s=campaign; h=From:From:To:CC:Subject:Date:Message-Id:Content-Type:Received; bh=.*=; b=.*=;
Received: from 10.0.200.240 ([10.0.200.240]) by campaign.theartcraftgroup.com with XWall v3.55 ; .*
From: Health Promotions Now <NoReply@promotionsnow.com>
To: .* <.*>
Return-Path: "bounceback@theartcraftgroup.com" <bounceback@theartcraftgroup.com>
Reply-To: Health Promotions Now <NoReply@promotionsnow.com>
Subject: Shop a Variety…
spam source
[!] This SBL record is to show an example of ongoing network abuse. It currently is not being published in the SBL list, but is instead being presented on the webpage so that the network owner has evidence to investigate and correct the problem.
w+ 54.240.8.58 a8-58.smtp-out.amazonses.com "a8-58.smtp-out.amazonses.com" 2022-02-17T23:00:00Z (+/-10 min)
54.240.8.58/32 (54.240.8.58 .. 54.240.8.58)…
Malware distribution. Botnet C2 for SBL543190
Remcos?
astar.mba Eranet International Limited
comb.fund Eranet International Limited
junonetwork.net Eranet International Limited
pacakehelpswaps.site OnlineNIC, Inc.
rari.fund Eranet International Limited <-- this one has malware that sends you to 157.90.1.54
titano.fund Eranet International Limited
Hosting phishing domains
spam source
Poorly configured MSA or other SMTP sender (possibly insecure) has sent spam from this IP address for a year. No SMTP response from the IP address:
$ telnet 167.114.117.203 25
Trying 167.114.117.203...
telnet: connect to address 167.114.117.203: Connection timed out
$ host 167.114.117.203
203.117.114.167.in-addr.arpa domain name pointer ns511807.ip-167-114-117.net.
phishing server