FluBot malware distribution @172.67.162.240

FluBot Android malware distribution sites:

FluBot malware distribution @172.67.162.240

FluBot Android malware distribution hosted here:

$ dig +short imhassan.xyz
172.67.204.101
104.21.93.40

Malware distribution @104.21.88.226

The host at this IP address is currently being used to distribute malware.

Malware distribution located here:
hXXp://i.spesgrt.com/lqosko/p18j/customer3.exe

$ dig +short i.spesgrt.com
104.21.88.226

Referencing malware binaries (MD5 hash):
00810b59644d1610f9eb57e2d9e175e4 — AV detection: 40 / 69 (57.97)
078192e792b12a8d9980f364e110155c — AV detection: 40 / 70 (57.14)
0854d681b1bd72e1f27a1704e74df187 — AV detection: 37 / 68 (54.41)
0965da18bfbf19bafb1c414882e19081 — AV…

Phish spam site @104.21.72.188

Received: from [167.99.183.60] (helo=mta0.tcscales.com)
From: [] Notice <achan@lamina.pl>
Date: 25 Aug 2021 01:3x:xx +0200
Subject: Warning️警告:收到的邮件被阻止

https://lobeyto.com/sm/?x=x&a=user@victim.com

lobeyto.com. 300 IN A 104.21.72.188
lobeyto.com. 300 IN A 172.67.154.93

Spamvertised website

Received: from mail.extensionss.co (mail.extensionss.co [192.3.12.106])
Date: Thu, 26 Aug 2021 13:0x:xx +0000
Subject: Happy box heeft jou geselecteerd als mogelijke winnaar van een Praxis cadeaupas t.w.v. €500!
From: PRAXIS 610 <mail@extensionss.co>

https://shirt.nominies.biz/index.php/campaigns/[] 104.21.10.92
https://horsefit.co/biz64 104.21.35.243
http://www.trygver.com/6KSXZNZ/45TJ3T/ 176.98.40.160
https://www.smoothtrk1.com/6KSXZNZ/98T51MD/?__rpt=0&__po=64&__ptid=[]&__rpa=0&__rc=1&sub1=&sub2=&sub3=&sub4=&sub5=&source_id=&__pcd=9 176.98.40.160

Carding fraud site/forum: fe18.su (fe-acc18.su / unicvvs.su) etc.

Stolen credit card data websites:

feacc-18.ru. 300 IN A 172.67.70.94
feacc-18.ru. 300 IN A 104.26.7.242
feacc-18.ru. 300 IN A 104.26.6.242
___________________________
was:
fe-acc18.su. 299 IN A 54.67.121.198
fe18.su. 299 IN A 186.2.161.157

186.2.161.157 param.feacc-18.ru 2021-05-07 06:20:02
186.2.161.157 metrology.feacc-18.ru 2021-05-07 05:39:10
186.2.161.157 keep-alive.feacc-18.ru 2021-05-07 04:52:11
186.2.161.157 axis.feacc-18.ru 2021-05-07 01:37:22
186.2.161.157 feacc-18.ru 2021-05-06 23:00:43
186.2.161.157 fe18.su 2021-05-06…

Spamvertised website

Received: from mail-pg1-x533.google.com ([2607:f8b0:4864:20::533])
From: thaiduong628@gmail.com
Date: Sun, 29 Aug 2021 00:01:16 +0200
Subject:Funny T-Shirts For Engineer And Jobs Title T-Shirts

https://engineerstore3.blogspot.com/2021/08/h2.html
https://scienceflower.com/campaign/heavy-metals-chemistry-science-t-shirts

engineerstore3.blogspot.com. 3600 IN CNAME blogspot.l.googleusercontent.com.
blogspot.l.googleusercontent.com. 300 IN A 142.251.32.1
scienceflower.com. 300 IN A 104.21.51.216
scienceflower.com. 300 IN A 172.67.186.95

Spammer hosting @172.67.153.171

Spammer hosting located here:

$ dig +short www.hostingseekers.com
172.67.153.171
104.21.64.170

Received: from a8-74.smtp-out.amazonses.com (a8-74.smtp-out.amazonses.com [54.240.8.74])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
    (Client did not present a certificate)
    by X (Postfix) with ESMTPS id X for <X>; Thu, 9 Sep 2021 X
DKIM-Signature: X
DKIM-Signature: X
Message-ID: <X@email.amazonses.com>
Date: Thu, 9 Sep 2021 X
Subject:…

Pharmacy website

Received: from vodamail.co.za (196.11.146.229) by BN8NAM12FT017.mail.protection.outlook.com (10.13.182.170) with Microsoft SMTP Server id 15.20.4523.8 via Frontend Transport; Sun, 12 Sep 2021 16:1x:xx +0000
Received: from vodamail.co.za (unknown [104.194.247.154]) (Authenticated sender: 27728376899) by mdrrx900svcs01vmlsmtp01.vodamail.internal (Postfix) with ESMTPA id [] for []; Sun, 12 Sep 2021 18:1x:xx +0200 (SAST)
Date: Mon, 13 Sep 2021 0:1x:xx +0800
From: Generic…