Received: from voluptatesogajh.static.206.123.90.157.clients.your-server.de (51.104.245.202) Date: Tue, 14 Sep 2021 20:1x:xx +0000 From: 💕MeetRussianLady💕 <news@your-server.de> Subject: 🔥[]🔥,Russiske piger søger ægte kærlighed http://blotto.biz/track/[] 146.56.169.102 https://www.incorport.com/J55PK4D/QZX6914/?sub1=7&sub2=[] 173.255.248.174 https://www.russianwomanlove.com/index.php/promote/click?aid=1484&oid=CP230172&qpid_offer_id=[]&qpid_subid=9343&source_tag=7&qpid_clickid=[] 52.40.246.237 https://www.charmdate.com/my/register_do.php 52.197.172.138

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 40.121.49.138 on port 8023 TCP: $ telnet 40.121.49.138 8023 Trying 40.121.49.138… Connected to 40.121.49.138. Escape character… Читать далее Vjw0rm botnet controller @40.121.49.138

Fake «magalu» site regularly spammed for from cnode.io space: Status Code URL IP Page Type Redirect Type Redirect URL 200 http://ofertas-tv-magazineluiza.com/c8c3998fab4dae554aebecea7b84119c/?produto=smart-tv-58-crystal-4k-samsung-58au7700-wi-fi-bluetooth-hdr-alexa-built-in-3-hdmi-1-usb/p/193441400/et/tv4k/? 20.197.197.146 normal none none

hXXps://api.ids-human-verification.com/r/YWO5F0P identifying-human.com ids-human-verification.com irs-human-detection.com check-verification-human.com instograsipdl.com check-human-verification.com serahludahanjing.com redirectme.net api-cloudflares-redirect.com tataskabehmbuh.com google-safelink-urlhahay.com irs-human-verification.com api-redirect-us.com alahsialmoment.com api.identifying-human.com has address 13.92.139.111 api.irs-human-detection.com has address 13.92.139.111 api.instograsipdl.com has address 13.92.139.111 —- 13.92.139.111|antiormas.tataskabeh.com|2021-09-08 22:10:43 13.92.139.111|api-redirect-us.com|2021-09-08 19:15:52 13.92.139.111|api-redirection.dms-human-validation.com|2021-09-19 17:41:15 13.92.139.111|api.alahsialmoment.com|2021-09-07 21:40:47 13.92.139.111|api.ids-cloudflare-robot-detections.com|2021-09-18 19:46:41 13.92.139.111|api.ids-human-verification.com|2021-09-17 15:49:16 13.92.139.111|api.instograsipdl.com|2021-09-17 22:44:45 13.92.139.111|api.kepaksayapp.com|2021-09-21 17:59:16 13.92.139.111|api.redirect-human-validation.com|2021-09-22 07:53:20 13.92.139.111|api.serahludahanjing.com|2021-09-15 11:07:58 13.92.139.111|api.seterahdahlu.com|2021-09-04 00:05:39 13.92.139.111|api.tataskabehmbuh.com|2021-09-10 21:06:12 13.92.139.111|api.uisderes.com|2021-09-21 14:10:53 13.92.139.111|google-safelink-urlhahay.com|2021-09-14… Читать далее irs phishing server

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 20.52.46.119 on port 52190 TCP: $ telnet 20.52.46.119 52190 Trying 20.52.46.119… Connected to 20.52.46.119. Escape character… Читать далее NanoCore botnet controller @20.52.46.119

23.99.230.170|cdn.secureserver.irs.gov-us-refund.com|2021-09-21 23.99.230.170|claim-irs-gov.us-en-tax-identity-refunds.com|2021-09-21 23.99.230.170|irs-claim.us-taxreturn.com|2021-09-21 23.99.230.170|irs-gov.irs-m-us-covid19.com|2021-09-22 23.99.230.170|irs-gov.mirs-gop-covid19.com|2021-09-22 23.99.230.170|irs-gov.us-en-tax-identity-refunds.com|2021-09-21 23.99.230.170|irs-gov.us-identity-refunds.com|2021-09-21 23.99.230.170|irs-m-us-covid19.com|2021-09-22 23.99.230.170|irs.gov-claims-funds.com|2021-09-22 23.99.230.170|mail.cloudfeler-irs.net|2021-09-22 23.99.230.170|mirs-gop-covid19.com|2021-09-21 23.99.230.170|redirect-secure.cloudflare.human-verifications.com|2021-09-22 23.99.230.170|secure.irs-gov.us-available-funds.com|2021-09-21 23.99.230.170|www.irs.gov-claims-fund.com|2021-09-21

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 20.203.173.201 on port 58110 TCP: $ telnet 20.203.173.201 58110 Trying 20.203.173.201… Connected to 20.203.173.201. Escape character… Читать далее AsyncRAT botnet controller @20.203.173.201

foundations-admin-100000033260025485450.ml has address 52.186.147.72 foundations-admin-100000033260025485451.ml has address 52.186.147.72 foundations-admin-100000033260025485455.ml has address 52.186.147.72 foundations-admin-100000033260025485456.ml has address 52.186.147.72 foundations-admin-100000033260025485457.ml has address 52.186.147.72 reconfirm-page-100000012345986958680000784.ml has address 52.186.147.72 reconfirm-page-100000012345986958680000788.ml has address 52.186.147.72 reconfirm-page-100000012345986958680000787.ml has address 52.186.147.72 reconfirm-page-100000012345986958680000786.ml has address 52.186.147.72 reconfirm-page-100000012345986958680000789.ml has address 52.186.147.72 admin-recoverys-1000000848336599921022.ml has address 52.186.147.72 admin-recoverys-1000000848336599921027.ml has address 52.186.147.72 admin-recoverys-1000000848336599921023.ml has address 52.186.147.72 admin-recoverys-1000000848336599921029.ml has address… Читать далее phishing server

13.89.35.185|mandybola.com|2021-09-25 12:35:43 13.89.35.185|mbuhkiz.com|2021-09-27 09:51:16 hXXps://1yjlnhc9ey83.mbuhkiz.com/p1cN28w $ host 1yjlnhc9ey83.mbuhkiz.com 1yjlnhc9ey83.mbuhkiz.com has address 13.89.35.185