Attack Server

Exploit scanner 1638207204.833 0 206.189.131.7 TCP_DENIED/403 4019 GET http://X.X.X.X/pma2019/index.php? — HIER_NONE/- text/html 1638207205.398 0 206.189.131.7 TCP_DENIED/403 4007 GET http://X.X.X.X/pma/index.php? — HIER_NONE/- text/html 1638207205.974 0 206.189.131.7 TCP_DENIED/403 4042 GET http://X.X.X.X/admin/sqladmin/index.php? — HIER_NONE/- text/html 1638207206.616 0 206.189.131.7 TCP_DENIED/403 4019 GET http://X.X.X.X/PMA2021/index.php? — HIER_NONE/- text/html 1638207207.207 0 206.189.131.7 TCP_DENIED/403 4019 GET http://X.X.X.X/PMA2016/index.php? — HIER_NONE/- text/html 1638207207.699 0 206.189.131.7… Читать далее Attack Server

phishing server

128.199.10.234|secure05-update-citi.com|2021-11-24 15:56:26 128.199.10.234|secure07-citiupdate.com|2021-11-23 20:31:14 128.199.10.234|secure07bciti.com|2021-11-27 17:55:40 128.199.10.234|secure08-citisecurity.com|2021-11-27 00:15:56 128.199.10.234|server-citizns01b.com|2021-11-26 17:01:12 128.199.10.234|server01bciti.com|2021-11-26 19:06:44 128.199.10.234|server02b-citi.com|2021-11-26 21:10:52 128.199.10.234|server03b-citi03b.com|2021-11-26 23:06:27 128.199.10.234|updatecitizns01b.com|2021-11-26 17:36:55

spam support (domains)

domain used in spam opration Subject: 5OusdHomeDePot.ReVVarD.PticiationRequirD truefint.com [165.227.27.17]

Spamvertised bitcoin scam.

Was SBL537336 91.202.5.69 Was SBL537239 31.42.177.99 bitforte.net has address 164.90.195.160 www.bitforte.net has address 164.90.195.160 www.fortcoin.net has address 164.90.195.160 fortcoin.net has address 164.90.195.160 sbk.foundation has address 31.42.177.99 <— abandoned? 91.202.5.69 bitforte.net 91.202.5.69 www.bitforte.net 91.202.5.69 www.coinrow.net 91.202.5.69 coinrow.net 91.202.5.69 www.fortcoin.net 91.202.5.69 fortcoin.net 91.202.5.69 www.coinforte.net 91.202.5.69 coinforte.net 31.42.177.99 bitforte.net 31.42.177.99 www.bitforte.net 31.42.177.99 www.fortcoin.net 31.42.177.99 fortcoin.net 31.42.177.99 sbk.foundation 31.42.177.99… Читать далее Spamvertised bitcoin scam.

Attack Server

Website Exploit Attack server 1637914606.020 0 139.59.74.137 TCP_DENIED/403 4034 GET http://X.X.X.X/phpMyAdmin-5/index.php? — HIER_NONE/- text/html 1637914606.516 0 139.59.74.137 TCP_DENIED/403 4019 GET http://X.X.X.X/PMA2020/index.php? — HIER_NONE/- text/html 1637914607.010 0 139.59.74.137 TCP_DENIED/403 4022 GET http://X.X.X.X/database/index.php? — HIER_NONE/- text/html 1637914607.508 1 139.59.74.137 TCP_DENIED/403 4033 GET http://X.X.X.X/sql/myadmin/index.php? — HIER_NONE/- text/html 1637914608.000 0 139.59.74.137 TCP_DENIED/403 4030 GET http://X.X.X.X/db/myadmin/index.php? — HIER_NONE/- text/html 1637914608.506… Читать далее Attack Server

spam support (domains)

domain used in likely id theft/phishing surveytoday.co… 159.89.188.73 Subject: $100-in-ExclusiveRewards — ProvideYourOpinionOnApple

Scareware scam.

The usual throbbing badly written Japanese «your PC is hacked» call this number 050-5050-0978