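High-defense CDN without ICP filing_How to solve it_What to do when a chess and card game server is attacked - Mozhe Security - Mozhe Shield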

Xiaomo Security Manager 2021-04-08 14:08 Category: High-defense servers

Think you've received an online greeting card from 123greetings.com? Think twice!

Over the past couple of days, cybercriminals have spamvertised millions of emails impersonating the popular e-card service 123greetings.com in an attempt to trick end and corporate users into clicking on client-side exploits and malware serving links, courtesy of the Black Hole web malware exploitation kit.

What's so special about this campaign? Can we connect it to previously spamvertised campaigns profiled on Webroot's threat blog? Let's find out.

More details:

Screenshot of the spamvertised email:

Upon clicking on any of the links found in the malicious emails, users are exposed to the following bogus

Obfuscated JavaScript redirection:

Spamvertised malicious URLs:

Client-side exploits serving URLs:

Client-side exploits served: CVE-2010-1885

Upon successful exploitation, the campaign drops MD5: 42307705ad637c615a6ed5fbf1e755d1 – detected by 25 out of 42 antivirus scanners as Trojan.Win32.Yakes.ansm; Mal/Katusha-I.

Upon successful execution, the sample phones back to 87.120.41.155:8080/mx5/B/in/

More MD5s are known to have phoned back to the same command and control server, such as for instance:

87.120.41.155 is actually a name server offering DNS resolving services to related malicious and command and control servers part of the campaign such as:

Associated malicious name servers part of the campaign's infrastructure:

Related client-side exploits and malware serving URLs spamvertised in the same campaign also drop MD5: cd0aac6df71fa28d4564406a24f7e1a2 – detected by 28 out of 42 antivirus scanners as Gen:Variant.Zusy.15382; P2PWorm.Win32.Palevo.fbvx2.

The second sample phones back to 87.204.199.100:8080/mx5/B/in/

Not surprisingly, we've already seen this command and control server used in numerous profiled campaigns, such as, for instance, the AT&T Billing Center spam campaign, the American Ail… spam campaign, and the D… spam campaign.

Webroot SecureAnywhere users are proactively protected from these threats.

You can find more about Dancho Danchev at his LinkedIn profile. You can also follow him on Twitter.

About the Author: Blog Staff

The blog offers expert insights and analysis into the latest cybersecurity trends. Whether you're a home or business user, we're dedicated to giving you the awareness and knowledge needed to stay ahead of today's cyber threats.

