Рубрика: microsoft.com

hXXp://przggha6oiv1.a6kecjbdibju8g14kiv.xyz/ $ host przggha6oiv1.a6kecjbdibju8g14kiv.xyz przggha6oiv1.a6kecjbdibju8g14kiv.xyz has address 40.78.143.97

$ host kimfitz.de kimfitz.de has address 20.188.34.58 This domain houses the payload in the SBL534163 phishing spam against LCL. Do not be fooled by the redirection to Google.

$ host healliser.com healliser.com has address 51.137.149.68 This IP hosts an active phishing payload against customers of the Estonian internet service provider Zone.eu.

https://bulletproof-hosting.com >>> https://bulletproof.su/? >>> https://t.me/ffservice? 40.121.200.45 abusehost.pro 2021-09-20 12:47:09 40.121.200.45 approved-xxx.su 2021-09-14 13:56:04 40.121.200.45 bulletproof-hosting.com 2021-09-21 09:16:15 40.121.200.45 bulletproof.im 2021-09-12 12:20:54 40.121.200.45 bulletproof.su 2021-10-07 03:06:21 40.121.200.45 ccshoponline.ru 2021-10-07 22:53:49 40.121.200.45 ccvv2dumps.com 2021-09-22 08:01:53 40.121.200.45 fast-flux.ru 2021-09-27 19:41:51 40.121.200.45 fastflux.su 2021-10-01 02:20:56 40.121.200.45 goldplastic.net 2021-09-30 16:06:38 40.121.200.45 goodshop24.biz 2021-09-22 00:52:19 40.121.200.45 mail.cvvshops.su 2021-09-13 17:59:33 40.121.200.45 mail.fastflux.su… Читать далее FastFlux hosting provider: bulletproof.su — who use hacked servers to host malware, phish, etc.

lnstagramshelpbadge.com has address 20.104.50.216

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 20.36.20.111 on port 1604 TCP: $ telnet 20.36.20.111 1604 Trying 20.36.20.111… Connected to 20.36.20.111. Escape character… Читать далее AsyncRAT botnet controller @20.36.20.111

mypaypal-accountreview.com has address 52.143.160.216 mypaypal-account.com has address 52.143.160.216 also actively spamming.

The host at this IP address is being (ab)used to «listbomb» email addresses: From: bhgymnastics@hotmail.com Subject: Re: BH Gymnastics «Trials Form Update» Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages and bulk email campaigns. Problem resolution… Читать далее Abused / misconfigured newsletter service (listbombing)

The host at this IP address (13.107.42.13) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware: https://onedrive.live.com/download?cid=68C9F09DED4D3B72&resid=68C9F09DED4D3B72%21173&authkey=AL6oUfOJI4ZrhEY https://onedrive.live.com/download?cid=ACA36329F96145E7&resid=ACA36329F96145E7%21108&authkey=AIg30Xmo50HUN6s http://onedrive.live.com/download?cid=2BCCCFD49591E542&resid=2BCCCFD49591E542!104&authkey=ACSUapER1G2BuSA https://onedrive.live.com/download?cid=D7A53F4E448C59AF&resid=D7A53F4E448C59AF%21930&authkey=AE8AYkwfBEmxEgw https://onedrive.live.com/download?cid=8AD327FEA0288842&resid=8AD327FEA0288842%21476&authkey=ACo-GUvKHDyJL-o https://onedrive.live.com/download?cid=2F38368D4BD88C0E&resid=2F38368D4BD88C0E%21118&authkey=AL9u2JyCVKLhDfk https://onedrive.live.com/download?cid=B9F97974937AF42D&resid=B9F97974937AF42D%21183&authkey=APZbR8B3Xgtai1Y https://onedrive.live.com/download?cid=86C04FE349EAFD3D&resid=86C04FE349EAFD3D%21264&authkey=AMlvCynqZz-Xh08 https://onedrive.live.com/download?cid=21DC3741EA2CB3F2&resid=21DC3741EA2CB3F2%21204&authkey=AHJPj8UjWVeqnms https://onedrive.live.com/download?cid=64DE6B3FCA356C05&resid=64DE6B3FCA356C05%211284&authkey=APDonrm4qUrpCqk https://onedrive.live.com/download?cid=5B4883EE81CE085C&resid=5B4883EE81CE085C%211387&authkey=AGeQ4Y5yPPEW7jE https://onedrive.live.com/download?cid=EBDE3D8CE54ED339&resid=EBDE3D8CE54ED339%21153&authkey=AKPvZ3cKptj9Pq4 https://onedrive.live.com/download?cid=ED0141F46D6D00C9&resid=ED0141F46D6D00C9%2110669&authkey=AKFup5TTuavYYgI https://onedrive.live.com/download?cid=F3BA03FF9BD7183E&resid=F3BA03FF9BD7183E%21137&authkey=ADKzncNbdhev0XI https://onedrive.live.com/download?cid=633055B9F28C3083&resid=633055B9F28C3083%21126&authkey=ACmgfs0UyLumtdQ AS number: AS8068 AS name: MICROSOFT-CORP-MSN-AS-BLOCK — Microsoft Corporation

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 23.100.23.67 on port 80 (using HTTP GET): hXXp://hostas4.cf/click.php $ dig +short hostas4.cf 23.100.23.67 Other malicious domain names hosted on this IP address:… Читать далее Malware botnet controller @23.100.23.67