161.35.234.152|secure05c-serveruser1a-verify-account.com|2021-11-07 20:15:53
Category: digitalocean.com
Phishing payload against Netflix
hxxps[://]nxftlex-mailnirop.duckdns[.]org/cpsess92/index.html/87139405/emanage/rontend/aper_lanter/dex.ht/cprap/NETF-en/ contains an active phishing payload against Netflix users.
$ host nxftlex-mailnirop.duckdns.org
nxftlex-mailnirop.duckdns.org has address 143.198.52.218
phishing server
209.97.133.233|auth-serversecure5c-verify01b-account.com|2021-11-07 01:45:40
209.97.133.233|serversecure03a-verify1c-auth.myaccount03c.com|2021-11-05 13:05:32
209.97.133.233|serversecure05c-verify1a-account.com|2021-11-06 18:45:51
phishing server
143.198.123.65|boarqs.co|2021-10-31 20:55:37
143.198.123.65|boarqs.com|2021-11-05 02:41:32
143.198.123.65|boaserv-reports.co|2021-10-26 18:26:11
143.198.123.65|boaserv-reports.com|2021-11-02 14:51:16
143.198.123.65|wellsfargodevice.co|2021-11-06 20:15:43
143.198.123.65|wellsfargodevice.com|2021-11-06 19:55:55
Untitled
citionlinereview.com has address 137.184.223.195
citifraudreview.com has address 137.184.223.195
phishing server
secureofitt01a.com has address 137.184.146.104
With a fake "Service Suspended" banner to hide behind.
advance fee fraud spam source
241.68.199.198.in-addr.arpa. 1149 IN PTR bizcloud-millerenergy.com.
This domain does not exist.
=============================================================================
Return-Path: <luisfernandezfirm@consultant.com>
Received: from bizcloud-millerenergy.com (HELO bizcloud-millerenergy.com) (198.199.68.241) by x (x) with ESMTP; Fri, 05 Nov 2021 xx:xx:xx +0000
Received: from [5.135.230.141] (bizcloud-millerenergy.com [IPv6:::1]) by bizcloud-millerenergy.com (Postfix) with ESMTP id x for <x>; Fri, 5 Nov 2021 xx:xx:xx +0000 (UTC)
Reply-To: luisfernandezconsultant@gmail.com
From: Luis…
Phish source @159.223.14.157
Received: from 683078.cloudwaysapps.com (unknown [159.223.14.157]) by X (Postfix) with ESMTP id X for <X>; Fri, 5 Nov 2021 X
Received: by 683078.cloudwaysapps.com (Postfix, from userid 1004) id X; Fri, 5 Nov 2021 X
To: X
Subject: FWD: Ihr Paket.!
Date: Fri, 5 Nov 2021 X
From: DPD <notifications@dpd.ch>
Message-ID: <X@woocommerce-683078-2250175.cloudwaysapps.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="X"…
Smoke Loader botnet controller @167.172.146.21
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Smoke Loader botnet controller located at 167.172.146.21 on port 80 (using HTTP GET):
hXXp://rifyyoure.ink/
$ dig +short rifyyoure.ink
167.172.146.21
spam emitter @143.198.44.192
Received: from ihfkks.netsirk.com (143.198.44.192)
From: Iphone 13<reply@apple.ru!>;<service@stayfriends.de>
Subject: Machen Sie jetzt mit und gewinnen Sie das neue iPhone 13. Der Gewinner wird per E-Mail benachrichtigt!
Date: Thu, 04 Nov 2021 01:0x:xx +0000