Spamvertised website

Received: from fvlmi.gerasis.net (20.84.88.196)
From: Theragun | Client service .
Subject: Claim your chance [] to Test & Keep the NEW Theragun worth £500 | Free home delivery.
Date: Mon, 25 Jan 2021 18:3x:xx +0100
URL: https://www.tyre-stick.com/[]/?creative_id=8002
Server IP address is 35.186.245.208
=> Location: https://vam.actiondecisionvalid.com/?s1=[]&kw=511&s2=511&s3=
Server IP address is 191.101.6.14

Published
Categorized as google.com

Emotet malware distribution @34.67.216.177 [compromise website]

The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL hosts a webshell that the threat actors access programmatically to place malware on the website:
URL: http://helpcopyright.click/arxlyfpsb.php
Host: helpcopyright.click
IP address: 34.67.216.177
Hostname: 177.216.67.34.bc.googleusercontent.com


Emotet malware distribution @34.67.216.177 [compromise website]

The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL hosts a webshell that the threat actors access programmatically to place malware on the website:
URL: http://helpcopyright.click/wp-content/themes/festive/languages/JST10x.php
Host: helpcopyright.click
IP address: 34.67.216.177
Hostname: 177.216.67.34.bc.googleusercontent.com


Emotet malware distribution @34.78.201.129 [compromise website]

The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL hosts a webshell that the threat actors access programmatically to place malware on the website:
URL: http://lezz-etci.com/xavqpgdjonsh.php
Host: lezz-etci.com
IP address: 34.78.201.129
Hostname: 129.201.78.34.bc.googleusercontent.com


Abused / misconfigured newsletter service (listbombing)

The host at this IP address is being (ab)used to "listbomb" email addresses:
From: brp394sandeep@gmail.com
Subject: E-Waste (Buy Back)-Management Company

Problem description
============================
Spammers signed up for the bulk email service using the victim's email address. As a result, the victim is being "listbombed" with transactional messages and bulk email campaigns.

Problem resolution
============================
In…


Malware distribution @172.217.19.206

The host at this IP address (172.217.19.206) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware:
https://sites.google.com/site/stormqk/dn/StormAgent.apk?attredirects=0
AS number: AS15169
AS name: GOOGLE
Hostname: ams16s31-in-f14.1e100.net


Cybercriminal credit-card theft carding gang at: cvvstore.cc, cc4you.su, kingscard.cc etc.

Stolen credit card data websites:
cvvstore.cc. 599 IN A 35.188.126.240
kingscard.cc. 599 IN A 35.188.126.240
ug4all.ru. 599 IN A 35.188.126.240
trdbin.su. 599 IN A 35.188.126.240
35.188.126.240 dstore.su 2021-04-11 10:35:28
_________________
Was:
kingscard.cc. 599 IN A 103.209.102.141
kingscard.cc. 599 IN A 94.242.58.188
cvvstore.cc. 600 IN A 103.209.102.141
cvvstore.cc. 600 IN A 94.242.58.188
ltdcc1.cc. 599 IN A…


Carding fraud site/forums uniCC-bazar.cm (fe-shop.ru / approved-cc.su / trump-dumps.ru / megasearch.su)

Stolen credit card data websites.
unicc-bazar.cm. 599 IN A 34.89.81.205
fe-shop.ru. 599 IN A 35.228.7.192
approved-cc.su. 599 IN A 34.65.237.185
trump-dumps.ru. 599 IN A 34.65.33.2
megasearch.su. 899 IN A 194.5.249.112
______________
Was:
unicc-bazar.cm. 599 IN A 194.5.249.111
______________
Was:
unicc-bazar.cm. 599 IN A 79.174.12.93
______________
Was:
unicc-bazar.cm. 599 IN A 193.32.188.53
______________
Was:
unicc-bazar.cm. 599…


SMS spammer hosting: trapnexjet.com

Check out https://6l0.s3-eu-west-1.amazonaws.com/7.html Acquire skills 2 make paychecks Today via internet 4 Retirement
_____________
https://6l0.s3-eu-west-1.amazonaws.com/7.html
>>> https://www.trapnexjet.com/7BZ2W11/2J7XBQF/?source_id=AWS&sub1=1082021&sub2=1h4g&sub3=6
www.trapnexjet.com. 1305 IN A 35.241.19.31
>>> https://www.financialfreedom-forever.co/video31538819/?p1=3920
>>> https://www.financialfreedom-forever.co/processing1589383764380
>>> https://lpbestcheckout.com/carts?pid=500&a=851&reqid=451f2dee6b4b4ee8a605c6b20543bd58&s1=3920&s2=7840e46a66724ca89e8b41b68bed1e06&cae=MjMz
www.financialfreedom-forever.co. 910 IN CNAME target.clickfunnels.com.
target.clickfunnels.com. 299 IN A 104.16.15.194
target.clickfunnels.com. 299 IN A 104.16.13.194
target.clickfunnels.com. 299 IN A 104.16.16.194
target.clickfunnels.com. 299 IN A 104.16.14.194
target.clickfunnels.com. 299…


Malware distribution @104.155.230.1

The host at this IP address (104.155.230.1) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware:
http://www.prishaartcreations.com/wp-includes/sites/cznyyod298qadta/
AS number: AS15169
AS name: GOOGLE
Hostname: 1.230.155.104.bc.googleusercontent.com
