Рубрика: google.com

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 34.72.154.70 on port 80 (using HTTP POST): hXXp://navijunks.ml/chores/fre.php $ dig +short navijunks.ml 34.72.154.70 $ nslookup 34.72.154.70 70.154.72.34.bc.googleusercontent.com Other malicious domain names hosted… Читать далее Loki botnet controller @34.72.154.70

34.66.212.59|haxiriq.com|2021-11-02 01:21:30 34.66.212.59|redirect.allstarhood.com|2021-11-02 19:37:02 34.66.212.59|taxverify77.com|2021-10-31 14:40:52 34.66.212.59|usgetfunds.com|2021-11-03 08:37:04 hXXps://usgetfunds.com/r/5vjmObV

Instagram copyright scammers. verifiedconfirms.com has address 35.198.22.41 Copyright Violate | Aid Center helpsentelig.xyz has address 35.198.22.41 couldverifitynews.ml has address 35.198.22.41 copyrightverifitynew.ml has address 35.198.22.41 denemewebsitesi.ml has address 35.198.22.41 helpentell.xyz has address 35.198.22.41 canlicamshow.xyz has address 35.198.22.41 telifyasalyasa.cf has address 35.198.22.41 bluebadgecontact.tk has address 35.198.22.41 mobilsubevakf.site has address 35.198.22.41 helpentel.ml has address 35.198.22.41 violationportals.cf has address… Читать далее phishing server

Return-Path: <2019marwahrahad10+[]@googlegroups.com> Received: from mail-oo1-f56.google.com (mail-oo1-f56.google.com [209.85.161.56]) by [] (8.14.7/8.14.7) with ESMTP id [] (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=OK) for []; Mon, 1 Nov 2021 07:[]:[] -0400 Authentication-Results: [] Received: by mail-oo1-f56.google.com with SMTP id [] for []; Mon, 01 Nov 2021 04:[]:[] -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1635767275; cv=pass; d=google.com; s=arc-20160816; b=[] ARC-Message-Signature: i=2; a=rsa-sha256;… Читать далее Google Groups spam source

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 34.68.50.44 on port 8888 TCP: $ telnet 34.68.50.44 8888 Trying 34.68.50.44… Connected to 34.68.50.44. Escape character… Читать далее DCRat botnet controller @34.68.50.44

34.127.5.144|irs-action.com|2021-10-29 11:21:29 34.127.5.144|irs-datacovid.com|2021-10-28 23:35:54 34.127.5.144|irs-gohome.com|2021-10-28 19:55:58 34.127.5.144|irs-inputidentity.com|2021-10-28 19:31:04 34.127.5.144|irs-paymentconfirm.com|2021-10-27 23:16:15 34.127.5.144|irs-yourpayment.com|2021-10-29 02:41:26 34.127.5.144|irsgovsecurepayment.com|2021-10-29 23:15:50 34.127.5.144|irstax-govermennt.com|2021-10-26 04:34:51 34.127.5.144|notifyirsgovid.com|2021-10-27 16:16:33 34.127.5.144|paymentreceiptirs.serveftp.com|2021-10-26 21:26:03 34.127.5.144|paypalsecure24.serveftp.com|2021-10-20 00:10:57 34.127.5.144|rdx-ajauib.com|2021-10-19 18:49:41 34.127.5.144|receptdropclaim.com|2021-10-28 02:46:02 34.127.5.144|redirect-irs.com|2021-10-29 15:51:12 34.127.5.144|secure05d-taxsinformation.com|2021-10-28 10:41:52 34.127.5.144|taxs044.com|2021-10-17 18:15:41

Always spamming from google via a chain of redirectors, the T-shirt spammer All these and likely more too: 34.149.234.171 christmastees.xyz 34.149.234.171 nextfashiontees.com 34.149.234.171 posterstree.com 34.149.234.171 temobase.biz 34.149.234.171 temobasez.shop 34.149.234.171 bestprint50.com 34.149.234.171 6bui.com 34.149.234.171 chipgears.com 34.149.234.171 xpreesprintusa.shop 34.149.234.171 rdmmo.com 34.149.234.171 melody68.com 34.149.234.171 orionzone.xyz 34.149.234.171 miangifts.com 34.149.234.171 partextees.com 34.149.234.171 waverm.com 34.149.234.171 brandonshop.xyz 34.149.234.171 art88.shop 34.149.234.171 reginaturners.com 34.149.234.171… Читать далее Tiresome T-shirt spammer. (landing site.)

34.151.71.134|1commbanksec.com.au|2021-10-26 12:16:28 34.151.71.134|1commsec.com.au|2021-10-24 20:46:07 34.151.71.134|1netbank.com.au|2021-10-18 21:51:19 34.151.71.134|1netbanksec.com.au|2021-10-28 03:45:56 34.151.71.134|commbanksec.com.au|2021-10-28 01:46:24 34.151.71.134|commbanksupport.com.au|2021-10-25 02:20:45 34.151.71.134|custcareballbasher.com|2021-10-21 11:56:21 34.151.71.134|mycommbank-mobile.app|2021-10-28 23:01:07 34.151.71.134|mycommbank-mobile.com.au|2021-10-16 01:35:46 34.151.71.134|mycommbank-support.com.au|2021-10-28 06:46:16 34.151.71.134|mycommbanking.com.au|2021-10-15 05:31:01 34.151.71.134|mycommbankmobile.com.au|2021-10-13 13:41:58 34.151.71.134|mynetbank-login.com.au|2021-10-16 05:40:55 34.151.71.134|mynetbank.com.au|2021-10-14 03:25:50 34.151.71.134|mynetbanking.com.au|2021-10-24 22:45:41 34.151.71.134|secure-access.com.au|2021-10-15 01:06:25 34.151.71.134|secure-banking.com.au|2021-10-18 10:11:35 34.151.71.134|secure-netbanking.com.au|2021-10-14 21:36:03 34.151.71.134|www1commsecure.com.au|2021-10-14 19:46:42

onlinesecureredirector001b.org has address 35.199.98.82 16shortsecurelinkredirect0.org has address 35.199.98.82 hXXp://onlinesecureredirector001b.org/rsa/asd/

domain used in spam operation —- tizifi.com|34.102.201.232| tiziprint.com|34.102.201.232| —-