Рубрика: microsoft.com

Fake «magalu» site regularly spammed for from cnode.io space: Status Code URL IP Page Type Redirect Type Redirect URL 200 http://ofertas-tv-magazineluiza.com/c8c3998fab4dae554aebecea7b84119c/?produto=smart-tv-58-crystal-4k-samsung-58au7700-wi-fi-bluetooth-hdr-alexa-built-in-3-hdmi-1-usb/p/193441400/et/tv4k/? 20.197.197.146 normal none none

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 20.52.46.119 on port 52190 TCP: $ telnet 20.52.46.119 52190 Trying 20.52.46.119… Connected to 20.52.46.119. Escape character… Читать далее NanoCore botnet controller @20.52.46.119

hXXps://api.ids-human-verification.com/r/YWO5F0P identifying-human.com ids-human-verification.com irs-human-detection.com check-verification-human.com instograsipdl.com check-human-verification.com serahludahanjing.com redirectme.net api-cloudflares-redirect.com tataskabehmbuh.com google-safelink-urlhahay.com irs-human-verification.com api-redirect-us.com alahsialmoment.com api.identifying-human.com has address 13.92.139.111 api.irs-human-detection.com has address 13.92.139.111 api.instograsipdl.com has address 13.92.139.111 —- 13.92.139.111|antiormas.tataskabeh.com|2021-09-08 22:10:43 13.92.139.111|api-redirect-us.com|2021-09-08 19:15:52 13.92.139.111|api-redirection.dms-human-validation.com|2021-09-19 17:41:15 13.92.139.111|api.alahsialmoment.com|2021-09-07 21:40:47 13.92.139.111|api.ids-cloudflare-robot-detections.com|2021-09-18 19:46:41 13.92.139.111|api.ids-human-verification.com|2021-09-17 15:49:16 13.92.139.111|api.instograsipdl.com|2021-09-17 22:44:45 13.92.139.111|api.kepaksayapp.com|2021-09-21 17:59:16 13.92.139.111|api.redirect-human-validation.com|2021-09-22 07:53:20 13.92.139.111|api.serahludahanjing.com|2021-09-15 11:07:58 13.92.139.111|api.seterahdahlu.com|2021-09-04 00:05:39 13.92.139.111|api.tataskabehmbuh.com|2021-09-10 21:06:12 13.92.139.111|api.uisderes.com|2021-09-21 14:10:53 13.92.139.111|google-safelink-urlhahay.com|2021-09-14… Читать далее irs phishing server

23.99.230.170|cdn.secureserver.irs.gov-us-refund.com|2021-09-21 23.99.230.170|claim-irs-gov.us-en-tax-identity-refunds.com|2021-09-21 23.99.230.170|irs-claim.us-taxreturn.com|2021-09-21 23.99.230.170|irs-gov.irs-m-us-covid19.com|2021-09-22 23.99.230.170|irs-gov.mirs-gop-covid19.com|2021-09-22 23.99.230.170|irs-gov.us-en-tax-identity-refunds.com|2021-09-21 23.99.230.170|irs-gov.us-identity-refunds.com|2021-09-21 23.99.230.170|irs-m-us-covid19.com|2021-09-22 23.99.230.170|irs.gov-claims-funds.com|2021-09-22 23.99.230.170|mail.cloudfeler-irs.net|2021-09-22 23.99.230.170|mirs-gop-covid19.com|2021-09-21 23.99.230.170|redirect-secure.cloudflare.human-verifications.com|2021-09-22 23.99.230.170|secure.irs-gov.us-available-funds.com|2021-09-21 23.99.230.170|www.irs.gov-claims-fund.com|2021-09-21

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 20.203.173.201 on port 58110 TCP: $ telnet 20.203.173.201 58110 Trying 20.203.173.201… Connected to 20.203.173.201. Escape character… Читать далее AsyncRAT botnet controller @20.203.173.201

foundations-admin-100000033260025485450.ml has address 52.186.147.72 foundations-admin-100000033260025485451.ml has address 52.186.147.72 foundations-admin-100000033260025485455.ml has address 52.186.147.72 foundations-admin-100000033260025485456.ml has address 52.186.147.72 foundations-admin-100000033260025485457.ml has address 52.186.147.72 reconfirm-page-100000012345986958680000784.ml has address 52.186.147.72 reconfirm-page-100000012345986958680000788.ml has address 52.186.147.72 reconfirm-page-100000012345986958680000787.ml has address 52.186.147.72 reconfirm-page-100000012345986958680000786.ml has address 52.186.147.72 reconfirm-page-100000012345986958680000789.ml has address 52.186.147.72 admin-recoverys-1000000848336599921022.ml has address 52.186.147.72 admin-recoverys-1000000848336599921027.ml has address 52.186.147.72 admin-recoverys-1000000848336599921023.ml has address 52.186.147.72 admin-recoverys-1000000848336599921029.ml has address… Читать далее phishing server

13.89.35.185|mandybola.com|2021-09-25 12:35:43 13.89.35.185|mbuhkiz.com|2021-09-27 09:51:16 hXXps://1yjlnhc9ey83.mbuhkiz.com/p1cN28w $ host 1yjlnhc9ey83.mbuhkiz.com 1yjlnhc9ey83.mbuhkiz.com has address 13.89.35.185