NanoCore botnet controller @20.185.47.68

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 20.185.47.68 on port 3500 TCP: $ telnet 20.185.47.68 3500 Trying 20.185.47.68… Connected to 20.185.47.68. Escape character…

Posted in microsoft.com

phishing server

supportfortwitter.com has address 52.148.188.66
hxxp://supportfortwitter.com
Login to Twitter / Twitter
>100 other phishing sites since June 2021

Posted in microsoft.com

Malware distribution @23.102.184.147

The host at this IP address is currently being used to distribute malware. Malware distribution located here: hXXp://23.102.184.147/pm13/pm13.png

Posted in microsoft.com

Spam source @40.92.90.22

Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05olkn2022.outbound.protection.outlook.com [40.92.90.22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (not verified)) by X (Postfix) with ESMTPS id X for <X>; Wed, 18 Aug 2021 X
[…]
Received: from DB8EUR05FT057.eop-eur05.prod.protection.outlook.com (2a01:111:e400:fc0f::4e) by DB8EUR05HT228.eop-eur05.prod.protection.outlook.com (2a01:111:e400:fc0f::87) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id X; Wed, 18 Aug…

Posted in microsoft.com

Phish spam form @20.197.230.226

Received: from [128.199.82.246] (helo=mta0.zhuoda.com)
From: "EMS" <acsinc@acsinc.co.kr>
Subject: [] 附件是您的收据
Date: 18 Aug 2021 05:45:11 +0200

form hosted @ https://soldbypickens.com/exe/send.php
soldbypickens.com. 3600 IN A 20.197.230.226

Posted in microsoft.com

AveMariaRAT botnet controller @20.150.137.35

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 20.150.137.35 on port 7400 TCP: $ telnet 20.150.137.35 7400 Trying 20.150.137.35… Connected to 20.150.137.35. Escape character…

Posted in microsoft.com

DCRat botnet controller @52.158.47.4

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. DCRat botnet controller located at 52.158.47.4 on port 80 (using HTTP GET): hXXp://52.158.47.4/javascriptPollhttpLongpoll.php Referencing malware binaries (MD5 hash): e8317caac6568f4d37d8535a1e56ad29 — AV detection: 40 / 69 (57.97)

Posted in microsoft.com

AsyncRAT botnet controller @20.197.177.229

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 20.197.177.229 on port 6821 TCP: $ telnet 20.197.177.229 6821 Trying 20.197.177.229… Connected to 20.197.177.229. Escape character…

Posted in microsoft.com

Malware botnet controller @20.108.64.214

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 20.108.64.214 on port 80 (using HTTP POST): hXXp://20.108.64.214/porra.php

Posted in microsoft.com