Автор: blog

Reports ignored. https://hceeduvn-my.sharepoint.com/personal/16k4071002_hce_edu_vn/_layouts/15/onedrive.aspx?id=%2Fpersonal%2F16k4071002%5Fhce%5Fedu%5Fvn%2FDocuments%2F1%2F%F0%9F%92%96%F0%9F%8D%83%F0%9F%8C%B5%F0%9F%A7%89%20Hey%20Sweet%5Fheart%20%F0%9F%92%96%F0%9F%8D%83%F0%9F%8C%B5%F0%9F%A7%89%2Eurl&parent=%2Fpersonal%2F16k4071002%5Fhce%5Fedu%5Fvn%2FDocuments%2F1&originalPath=aHR0cHM6Ly9oY2VlZHV2bi1teS5zaGFyZXBvaW50LmNvbS86dTovZy9wZXJzb25hbC8xNms0MDcxMDAyX2hjZV9lZHVfdm4vRVlGWnl4X3dySVpDa1Z2OXFxenFkVDBCTHgwRUxOaEZLM1ZsUmJTWmJFdjRoQT9ydGltZT1nOFJ5M0txVjJFZw >>> https://meet-me4.wixsite.com/safe >>> https://qvbbkx.shewantyou.com/c/da57dc555e50572d?s1=99216&s2=1183551&j1=1&j3=1 >>> https://www.flirtstate.com/landing2?cat=milf&pt1=x&pi=1818&pe=xx ;; ANSWER SECTION: www.flirtstate.com. 3599 IN CNAME flirtstate.com. flirtstate.com. 3599 IN A 34.72.137.22 2020-09-14 11:48:06 chatomagic.com A 34.72.137.22 2020-10-02 08:09:52 citysweeties.com A 34.72.137.22 2020-09-16 07:17:48 flirtstate.com A 34.72.137.22 2020-11-18 19:46:09 myflirtalert.com A 34.72.137.22

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 35.213.167.255 on port 587 TCP: From: info@tri2win.co.nz To: boy92454@gmail.com $ telnet 35.213.167.255 587 Trying 35.213.167.255… Connected… Читать далее AgentTesla botnet controller @35.213.167.255

https://compagnidiviaggio.net/logs/update-your-account-information/security-measure/log-in/ https://compagnidiviaggio.net/logs/update-your-account-information/security-measure/log-in/myaccount/home?access_key=TSancJKeFeSA16gS2eBw7DNYKvABFTPQtQWvNQffgbX05sJllo compagnidiviaggio.net. 14399 IN A 34.90.48.198

http://luckycasweb.com 302 Redirect https://go.affpower.com/visit/?bta=36573&nci=6476 302 Redirect https://cp-ads.com/affs/bliss/cx/do/all?btag=36573_379340|||LP_Default_Offer_EN_ALL_ 301 Redirect https://cp-ads.com/affs/bliss/cx/do/all/index.html?btag=36573_379340%7C%7C%7CLP_Default_Offer_EN_ALL_ ;; ANSWER SECTION: go.affpower.com. 299 IN CNAME affpower-tracking.cxaff.com. affpower-tracking.cxaff.com. 299 IN CNAME go-affpower-com.cellexpertx.prod2.reblaze.com. go-affpower-com.cellexpertx.prod2.reblaze.com. 299 IN A 35.234.86.61 2020-05-26 17:05:17 admin-bdswiss-com.cellexpertx.prod2.reblaze.com A 35.234.86.61 2020-05-06 19:19:18 affiliate-api.cellexpertx.prod2.reblaze.com A 35.234.86.61 2020-01-07 01:25:39 affiliates-ig-com.cellexpertx.prod2.reblaze.com A 35.234.86.61 2020-05-06 19:20:20 affs-xforex-com.cellexpertx.prod2.reblaze.com A 35.234.86.61 2019-12-06 15:57:45 cpartner-bdswiss-com.cellexpertx.prod2.reblaze.com A 35.234.86.61 2020-05-27 00:32:13… Читать далее Hosting botnet spammed scam business & casino domains

http://luckycasweb.com 302 Redirect https://go.affpower.com/visit/?bta=36573&nci=6476 302 Redirect https://cp-ads.com/affs/bliss/cx/do/all?btag=36573_379340|||LP_Default_Offer_EN_ALL_ 301 Redirect https://cp-ads.com/affs/bliss/cx/do/all/index.html?btag=36573_379340%7C%7C%7CLP_Default_Offer_EN_ALL_ ;; ANSWER SECTION: cp-ads.com. 59 IN A 35.241.63.253

The host at this IP address (35.213.153.85) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware: https://paramassociates.co.in/hqzhd6.txt AS number: AS15169 AS name: GOOGLE Hostname: 85.153.213.35.bc.googleusercontent.com

The host at this IP address (35.184.169.169) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware: http://35.184.169.169/software056/SystemSecure.exe AS number: AS15169 AS name: GOOGLE Hostname: 169.169.184.35.bc.googleusercontent.com

The host at this IP address (34.95.239.176) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware: https://office.horussolution.com/files/04UT0TR1/42tphpvi/ https://office.horussolution.com/files/jk31_bx_pr/ https://office.horussolution.com/files/paclm/58j2gdwo0o/l1s20858103992aizm1m9sjcg3z5oi/ https://office.horussolution.com/files/Documentation/5Fh7ALucpQ/ https://office.horussolution.com/files/paclm/4ddnAqPo2G/ AS number: AS15169 AS name: GOOGLE Hostname: 176.239.95.34.bc.googleusercontent.com

Received: from drama.tigerman.best (45.254.35.12 [45.254.35.12]) Date: Wed, 21 Apr 2021 12:0x:xx +0000 Subject: Surf mee op de bitcoin-golf en verdien een gegarandeerde From: Bitcoin Nieuws <drama@tigerman.best> https://drive.timeforu.info/index.php/campaigns/[] => https://yellowow.co/sup003 => https://www.vbpol29.com/[]/?uid=83 => https://ss852cctrkflw.com/transaction/click/[]?id=[]&offer_id=1&affiliate_id=18784&t=3&offer_name=Bitcoin+System[] => https://btsystemos.com/index.php?lang=[]&id=[]&offer_id=1&affiliate_id=18784&t=3&offer_name=Bitcoin+System[] => https://ssfxtrade.com/autologin/[] => https://www.obrinvest.com/redirects/trade/?lang=en drive.timeforu.info. 300 IN A 104.21.17.142 drive.timeforu.info. 300 IN A 172.67.176.212 yellowow.co. 300 IN A 104.21.2.27 yellowow.co.… Читать далее Bitcoin scam redirectors.

https://compagnidiviaggio.net/logs/update-your-account-information/security-measure/log-in/ compagnidiviaggio.net. 14343 IN A 34.90.48.198 SBL503748 34.90.48.198 google.com 2020-12-02 Hacked server hosting PayPal phish site SBL503455 34.90.48.198 google.com 2020-12-05 Hacked server hosting PayPal phish site