Рубрика: google.com

amazonapp-billing.com has address 34.150.202.126 verified-prime-billing.com has address 34.150.202.126 prime-verified-billing.com has address 34.150.202.126 primebillings-account.com has address 34.150.202.126 34.150.202.126|amazonapp-billing.com|2021-07-05 34.150.202.126|auth-prime.com|2021-07-04 34.150.202.126|prime-accountissue.com|2021-07-05 34.150.202.126|prime-appsecure.com|2021-07-04 34.150.202.126|prime-billingservice.com|2021-07-01 34.150.202.126|prime-billingverify.com|2021-07-01 34.150.202.126|prime-billissued.com|2021-07-05 34.150.202.126|prime-confirmation.com|2021-07-01 34.150.202.126|prime-gets-information.com|2021-07-05 34.150.202.126|prime-secureservice.com|2021-07-02 34.150.202.126|prime-verified-billing.com|2021-07-05 34.150.202.126|primeaccount-billing.com|2021-07-04 34.150.202.126|primeaccount-service.com|2021-07-04 34.150.202.126|primebilling-account.com|2021-07-02 34.150.202.126|primebilling-auth.com|2021-07-04 34.150.202.126|primebillings-account.com|2021-07-05 34.150.202.126|primebills-account.com|2021-07-04 34.150.202.126|primeservice-secure.com|2021-07-04 34.150.202.126|verified-prime-billing.com|2021-07-05

https://firebasestorage.googleapis.com/v0/b/bsydvxcxhcczcjcbacchcbz.appspot.com/o/%25%24%23%24%23%23%24%25smn%5E%25%23%25%24.html?alt=media&token=f573f26d-04b1-4de2-9e60-973ed37c31e5#victim@example.com firebasestorage.googleapis.com. 123 IN A 172.217.14.106

hXXp://securelinksub.com GOVERNMENT PANDEMIC STIMULUS BONUS UNDER PRESIDENT JOE BIDEN securelinksub.com has address 35.209.24.90

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. RaccoonStealer botnet controller located at 34.89.184.90 on port 80 (using HTTP POST): hXXp://34.89.184.90/ $ nslookup 34.89.184.90 90.184.89.34.bc.googleusercontent.com Referencing malware binaries (MD5 hash): 6e7c73591f14dc0be945a5afccb7b9fd — AV detection: 43… Читать далее RaccoonStealer botnet controller @34.89.184.90

Received: from mail-qk1-x742.google.com ([2607:f8b0:4864:20::742]) From: «CVRLXS TC/HC» <steam666carlos@gmail.com> Date: Wed, 14 Jul 2021 08:49:23 +0700 Subject: Attn: Are you sure you don’t want this? URL: https://amahotdeals.xyz/amahotdealsxyz Server IP address is 162.0.215.56 Location: https://amztopdeals.xyz/amahotdealsxyz Server IP address is 198.54.116.143 Location: https://zolatee.com/customnamegifts?pr=YOUARECOOL Server IP address is 35.186.216.166

34.149.82.119 go.whatifoffers.com 2021-07-13 18:57:41 34.149.82.119 go.wiadn.com 2021-07-09 16:01:40 34.149.82.119 go.wilists.com 2021-07-12 20:33:55 34.149.82.119 run.wistable.com 2021-07-13 15:29:34 34.149.82.119 whatchawonton.com 2021-07-07 22:07:51 34.149.82.119 whatraffic.com 2021-07-03 15:50:52 34.149.82.119 wicamps.com 2021-07-13 08:40:41 34.149.82.119 wihclicks.com 2021-07-03 15:45:36 34.149.82.119 wihoffers.com 2021-07-11 13:59:00 34.149.82.119 wihsites.com 2021-07-03 15:50:39 34.149.82.119 wimgcamps.com 2021-07-03 15:50:49 34.149.82.119 wimgclicks.com 2021-07-03 15:45:49 34.149.82.119 wimgoffers.com 2021-07-03 15:50:37 34.149.82.119 wivisits.com 2021-07-03… Читать далее Spamvertised websites

Received: from cocots.com (163.172.182.142) From: Strøm <noreply@karklik.ru!> Subject: Tinde Energi gir 50 % rabatt til alle nye kunder i 2 måneder Date: Wed, 14 Jul 2021 07:1x:xx +0000 https://algatv.com/track/[] => https://zeshelo.com/?a=2020&oc=12996&c=37132&m=3&s1=12&s2=66-1690&s3=[] => https://vxb.rapidofferconnect.com/?s1=[]&s2=66-1690&kw=2020 algatv.com. 300 IN A 104.21.92.13 algatv.com. 300 IN A 172.67.184.127 zeshelo.com. 300 IN A 35.204.23.131 vxb.rapidofferconnect.com. 300 IN A 185.117.75.202

Received: from mail-yb1-f175.google.com (mail-yb1-f175.google.com [209.85.219.175]) by X (8.14.4/8.14.4/Debian-4) with ESMTP id X (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=OK) for <X>; Mon, 19 Jul 2021 X Received: by mail-yb1-f175.google.com with SMTP id X for <X>; Sun, 18 Jul 2021 X DKIM-Signature: X X-Google-DKIM-Signature: X X-Gm-Message-State: X X-Google-Smtp-Source: X X-Received: by 2002:ab0:1652:: with SMTP id X; Sun, 18 Jul… Читать далее Spam source @209.85.219.175

216.117.160.80 mta18.booksforstudents.org 2021-02-21 05:08:48 216.117.160.80 mta18.cashfortextbooks.org 2021-07-20 17:55:09 www.cashfortextbooks.org. 3599 IN A 216.117.175.174 www.citysbestaward.com. 21599 IN A 35.208.29.187 ______________________________ Received: from mta18.cashfortextbooks.org (HELO mta18.cashfortextbooks.org) (216.117.160.80) by xx; Sat, 17 Jul 2021 12:22:25 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=dkim; d=cashfortextbooks.org; h=Message-ID:Date:Subject:From:Reply-To:To:MIME-Version:Content-Type:List-Unsubscribe:List-Id; i=will@cashfortextbooks.org; bh=xx DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dkim; d=cashfortextbooks.org; b=xx Received: by mta18.cashfortextbooks.org id xx; Thu,… Читать далее US Commerce Association / Business Recognition / Award Connections

The host at this IP address is being (ab)used to «listbomb» email addresses: From: minhanhnoidatkhach19@gmail.com Subject: ⚡ You’d love these Thomas designs Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages and bulk email campaigns. Problem resolution… Читать далее Abused / misconfigured newsletter service (listbombing)