Spamvertised website

Received: from o4vo.hothothouse.info (o4vo.hothothouse.info. [45.145.4.145])
From: «Costco» <[]@[].o4vo.hothothouse.info>
Subject: New Post: $100 Offer here
Date: Wed, 02 Mar 2022 21:2x:xx +0100
https://s3-us-west-2.amazonaws.com/dqan3ch6q/[] 52.218.200.224
http://ringleros.info//cl/4410_md/[] 135.148.12.1
https://cemtasm.com/[] 23.229.68.8
https://honorways.com/r2/7[] 190.124.47.122
http://accesstart.com/aff_c?offer_id=437&aff_id=1193&source=nd&aff_sub=costco&aff_sub2=[]&aff_sub3=1SG&aff_sub4=473816 104.21.6.239
https://targetsoul.ru/[] 172.67.177.195
https://grnep.com/[]?c=%7C437&k=&v=&s=1193&t=&cr=&src=nd&lp=&id=[] 172.67.204.141
https://promo.topdashdeals.com/nc-t2-c2/checkout/?affid=&cid=[]&reqid=&tid=[] 167.172.19.255

Gozi botnet controller @143.198.56.58

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Gozi botnet controller located at 143.198.56.58 on port 80 (using HTTP GET): hXXp://143.198.56.58/peer/XXX
Referencing malware binaries (MD5 hash): 83c0ef52beab49e8094e11b315220f78 — AV detection: 26 / 70 (37.14)

Spamvertised website

Received: from varilokaminadere.org.uk (varilokaminadere.org.uk. [158.51.98.177])
Date: Wed, 02 Mar 2022 07:1x:xx +0000
From: «Surge MasterCard» <contact@varilokaminadere.org.uk>
Subject: The perfect credit card for all credit types.
http://astraloched.site/track/[] 159.89.228.34
https://rockpriority.com/0/0/0/[] 195.133.83.235
https://warmenbrace.com/?s1=350676&s2=[]&s3=2357&s4=0&ow=&s10=739 188.114.96.0
https://stagningtrump.com/[] 104.21.2.162
https://beatxup.com/click?s2=[]&s1=350676&s3=2357&trvid=10561&s4=0&ow=36 111.90.158.39
https://coupvariant.com/?a=162&c=4035&s2=[]&s1=350676 104.21.37.240
https://ama.yourstrulynow.com/nl-nl/?o=4076&r=[]&a=162&sa=350676 188.114.96.0
https://payment.terr3fick.com/0ab9e/gateway.html?sid=[] 188.114.96.0

Loki botnet controller @142.93.227.231

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Loki botnet controller located at 142.93.227.231 on port 80 (using HTTP POST): hXXp://142.93.227.231/oluwa/five/fre.php
$ nslookup 142.93.227.231
afripot.buzz

phishing server

138.197.74.76|secure01a-chase-security-site.co|2022-02-26 22:44:58
138.197.74.76|secure02a-chase-security-site.co|2022-02-26 22:58:07

phishing server

167.99.120.151|chasecardsec01.com|2022-02-26 01:16:41
167.99.120.151|citihelps9.com|2022-02-26 21:15:53
167.99.120.151|onlinecitis9b.com|2022-02-26 16:21:08
167.99.120.151|supportbciti9.com|2022-02-26 14:46:33

phishing server

147.182.204.18|usps-help.net|2022-02-25 23:52:09
147.182.204.18|wellshelp.org|2022-02-25 19:31:36

Spamvertised website

2022-02-24 gotogml.com. 60 IN A 147.182.245.65
2022-02-24 gotogml.com. 60 IN A 213.166.70.250
2022-02-24 gotogml.com. 60 IN A 213.166.70.175
2022-02-23 gotogml.com. 60 IN A 37.140.197.206
2022-02-20 gotogml.com. 60 IN A 45.8.127.154
2022-02-01 gotogml.com. 60 IN A 194.87.1.4
2022-01-31 gotogml.com. 60 IN A 194.87.1.5
2022-01-20 gotogml.com. 60 IN A 194.87.185.11
2022-01-18 gotogml.com. 60 IN A 5.188.160.30
Received:…

Phishing server

134.122.70.216|citizens.ga|2022-02-24 00:51:35
134.122.70.216|citizensonline-support.ga|2022-02-22 22:17:28
134.122.70.216|citizensonline-support.ml|2022-02-22 23:02:06
134.122.70.216|citizensonline-support.tk|2022-02-24 01:11:42
134.122.70.216|secur07b-chase.ga|2022-02-23 22:32:25
134.122.70.216|securecitizens-online.ga|2022-02-24 03:45:55