Received: from email.ksfe.com ([104.211.101.120]) Date: Wed, 20 Oct 2021 12:5x:xx +0100 From: 273 <273@ksfe.com> Reply-To: lbrewer@suorceinc.com Subject:Re: Re: Charity.. Dear Beloved I am Maria Franca Fissolo I intend to give you a portion of my Net-worth contact me for further details. Regards, Maria
Рубрика: microsoft.com
phishing server
citiznes04.com has address 20.150.142.183
irs phishing server
href-secure-gate-payment.com has address 20.94.199.105 scure-economic-impact-payments.com has address 20.94.199.105
irs phishing server
hXXps://killdemons.com/r/sqwwk $ host killdemons.com killdemons.com has address 20.84.104.109
njrat botnet controller @52.236.80.67
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 52.236.80.67 on port 40225 TCP: $ telnet 52.236.80.67 40225 Trying 52.236.80.67… Connected to 52.236.80.67. Escape character… Читать далее njrat botnet controller @52.236.80.67
AsyncRAT botnet controller @52.183.37.26
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 52.183.37.26 on port 1452 TCP: $ telnet 52.183.37.26 1452 Trying 52.183.37.26… Connected to 52.183.37.26. Escape character… Читать далее AsyncRAT botnet controller @52.183.37.26
phishing server
hXXps://irsgovget-payment.lowje.com/?kntl $ host irsgovget-payment.lowje.com irsgovget-payment.lowje.com has address 40.117.92.253
phishing server
claim-eligible-tax-return.com has address 40.87.121.196 third-round-economic-impact-review.com has address 40.87.121.196 eligible-tax-returns.online has address 40.87.121.196 hAAps://claim-eligible-tax-return.com/?irs
phishing server
52.234.159.105|indication-admin-1000002559374586906.tk|2021-10-14 15:41:51 52.234.159.105|indication-admin-1000002559374586909.tk|2021-10-14 15:42:04 52.234.159.105|indication-admin-1000002559374586910.tk|2021-10-14 09:46:28 52.234.159.105|indication-statement-10000000542318654355431.tk|2021-10-13 11:31:32 52.234.159.105|indication-statement-10000000542318654355432.tk|2021-10-13 11:07:09 52.234.159.105|indication-statement-10000000542318654355433.tk|2021-10-13 11:06:51 52.234.159.105|indication-statement-10000000542318654355434.tk|2021-10-13 11:31:20 52.234.159.105|indication-statement-10000000542318654355435.tk|2021-10-13 11:07:04 52.234.159.105|indication-statement-10000000542318654355436.tk|2021-10-13 11:07:00 52.234.159.105|indication-statement-10000000542318654355437.tk|2021-10-13 11:07:01 52.234.159.105|indication-statement-10000000542318654355438.tk|2021-10-13 11:12:13 52.234.159.105|indication-statement-10000000542318654355439.tk|2021-10-13 11:11:25 52.234.159.105|indication-statement-10000000542318654355440.tk|2021-10-13 11:13:53 52.234.159.105|indication-statement-1000000065945667894520.tk|2021-10-12 09:37:27 52.234.159.105|indication-statement-1000000065945667894521.tk|2021-10-14 13:32:30 52.234.159.105|indication-statement-1000000065945667894522.tk|2021-10-14 13:31:37 52.234.159.105|indication-statement-1000000065945667894523.tk|2021-10-14 13:42:16 52.234.159.105|indication-statement-1000000065945667894524.tk|2021-10-14 13:32:06 52.234.159.105|indication-statement-1000000065945667894525.tk|2021-10-12 09:37:09 52.234.159.105|indication-statement-1000000065945667894526.tk|2021-10-12 09:37:25 52.234.159.105|indication-statement-1000000065945667894527.tk|2021-10-12 09:36:36 52.234.159.105|indication-statement-1000000065945667894528.tk|2021-10-12 10:16:45 52.234.159.105|indication-statement-1000000065945667894529.tk|2021-10-12 09:51:44 52.234.159.105|regulation-reconfrim-100000000754316824516846796880.tk|2021-10-13 07:22:10 52.234.159.105|regulation-reconfrim-100000000754316824516846796881.tk|2021-10-13 07:52:07 52.234.159.105|regulation-reconfrim-100000000754316824516846796882.tk|2021-10-13 07:31:48 52.234.159.105|regulation-reconfrim-100000000754316824516846796883.tk|2021-10-13 07:51:23 52.234.159.105|regulation-reconfrim-100000000754316824516846796884.tk|2021-10-13… Читать далее phishing server
DCRat botnet controller @40.90.210.21
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 40.90.210.21 on port 3054 TCP: $ telnet 40.90.210.21 3054 Trying 40.90.210.21… Connected to 40.90.210.21. Escape character… Читать далее DCRat botnet controller @40.90.210.21