Автор: blog

Left online for weeks: https://feedproxy.google.com/~r/xi2/~3/DXz2o_qilzk https://feedproxy.google.com/~r/xi2/~3/QsZ5YOQF32E https://feedproxy.google.com/~r/xi2/~3/UvGtxNJrAWU >>> https://vectorcaremedicals.shop/?OwMbKfzzopNA

Spammer hosting located here: datewithbeauty.cn. 600 IN A 35.235.76.88 rulovedate1.cn. 600 IN A 35.235.76.88

According to our telemetry and our own intelligence, the host at this IP address has been setup by cyber criminals for the exclusive purpose of hosting phishing sites, malware distribution sites and/or botnet controllers. We therefore advise our users to block any traffic from/to this IP address. To solve this abuse issue, we recommend ARIN… Читать далее Malware / Botnet / Phishing hosting server @34.145.165.100

amazonapp-billing.com has address 34.150.202.126 verified-prime-billing.com has address 34.150.202.126 prime-verified-billing.com has address 34.150.202.126 primebillings-account.com has address 34.150.202.126 34.150.202.126|amazonapp-billing.com|2021-07-05 34.150.202.126|auth-prime.com|2021-07-04 34.150.202.126|prime-accountissue.com|2021-07-05 34.150.202.126|prime-appsecure.com|2021-07-04 34.150.202.126|prime-billingservice.com|2021-07-01 34.150.202.126|prime-billingverify.com|2021-07-01 34.150.202.126|prime-billissued.com|2021-07-05 34.150.202.126|prime-confirmation.com|2021-07-01 34.150.202.126|prime-gets-information.com|2021-07-05 34.150.202.126|prime-secureservice.com|2021-07-02 34.150.202.126|prime-verified-billing.com|2021-07-05 34.150.202.126|primeaccount-billing.com|2021-07-04 34.150.202.126|primeaccount-service.com|2021-07-04 34.150.202.126|primebilling-account.com|2021-07-02 34.150.202.126|primebilling-auth.com|2021-07-04 34.150.202.126|primebillings-account.com|2021-07-05 34.150.202.126|primebills-account.com|2021-07-04 34.150.202.126|primeservice-secure.com|2021-07-04 34.150.202.126|verified-prime-billing.com|2021-07-05

https://firebasestorage.googleapis.com/v0/b/bsydvxcxhcczcjcbacchcbz.appspot.com/o/%25%24%23%24%23%23%24%25smn%5E%25%23%25%24.html?alt=media&token=f573f26d-04b1-4de2-9e60-973ed37c31e5#victim@example.com firebasestorage.googleapis.com. 123 IN A 172.217.14.106

hXXp://securelinksub.com GOVERNMENT PANDEMIC STIMULUS BONUS UNDER PRESIDENT JOE BIDEN securelinksub.com has address 35.209.24.90

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. RaccoonStealer botnet controller located at 34.89.184.90 on port 80 (using HTTP POST): hXXp://34.89.184.90/ $ nslookup 34.89.184.90 90.184.89.34.bc.googleusercontent.com Referencing malware binaries (MD5 hash): 6e7c73591f14dc0be945a5afccb7b9fd — AV detection: 43… Читать далее RaccoonStealer botnet controller @34.89.184.90

Received: from mail-qk1-x742.google.com ([2607:f8b0:4864:20::742]) From: «CVRLXS TC/HC» <steam666carlos@gmail.com> Date: Wed, 14 Jul 2021 08:49:23 +0700 Subject: Attn: Are you sure you don’t want this? URL: https://amahotdeals.xyz/amahotdealsxyz Server IP address is 162.0.215.56 Location: https://amztopdeals.xyz/amahotdealsxyz Server IP address is 198.54.116.143 Location: https://zolatee.com/customnamegifts?pr=YOUARECOOL Server IP address is 35.186.216.166

34.149.82.119 go.whatifoffers.com 2021-07-13 18:57:41 34.149.82.119 go.wiadn.com 2021-07-09 16:01:40 34.149.82.119 go.wilists.com 2021-07-12 20:33:55 34.149.82.119 run.wistable.com 2021-07-13 15:29:34 34.149.82.119 whatchawonton.com 2021-07-07 22:07:51 34.149.82.119 whatraffic.com 2021-07-03 15:50:52 34.149.82.119 wicamps.com 2021-07-13 08:40:41 34.149.82.119 wihclicks.com 2021-07-03 15:45:36 34.149.82.119 wihoffers.com 2021-07-11 13:59:00 34.149.82.119 wihsites.com 2021-07-03 15:50:39 34.149.82.119 wimgcamps.com 2021-07-03 15:50:49 34.149.82.119 wimgclicks.com 2021-07-03 15:45:49 34.149.82.119 wimgoffers.com 2021-07-03 15:50:37 34.149.82.119 wivisits.com 2021-07-03… Читать далее Spamvertised websites

Received: from cocots.com (163.172.182.142) From: Strøm <noreply@karklik.ru!> Subject: Tinde Energi gir 50 % rabatt til alle nye kunder i 2 måneder Date: Wed, 14 Jul 2021 07:1x:xx +0000 https://algatv.com/track/[] => https://zeshelo.com/?a=2020&oc=12996&c=37132&m=3&s1=12&s2=66-1690&s3=[] => https://vxb.rapidofferconnect.com/?s1=[]&s2=66-1690&kw=2020 algatv.com. 300 IN A 104.21.92.13 algatv.com. 300 IN A 172.67.184.127 zeshelo.com. 300 IN A 35.204.23.131 vxb.rapidofferconnect.com. 300 IN A 185.117.75.202