The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 20.226.20.129 on port 80 (using HTTP POST):
hXXp://iofajfioshnguiosfui.from-pa.com/novidades/inspecionando.php
$ dig +short iofajfioshnguiosfui.from-pa.com
20.226.20.129
Referencing malware binaries (MD5 hash): 3030d0b1335357da24960cd99e54ef02 — AV detection:…
QuasarRAT botnet controller @3.83.129.253
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 3.83.129.253 on port 4747 TCP:
$ telnet 3.83.129.253 4747
Trying 3.83.129.253...
Connected to 3.83.129.253.
Escape character…
Malware botnet controller @176.9.148.153
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller at 176.9.148.153 on port 443.
$ telnet 176.9.148.153 443
Trying 176.9.148.153...
Connected to 176.9.148.153.
Escape character is '^]'
Malicious domains observed at this IP…
AveMariaRAT botnet controller @192.95.0.200
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 192.95.0.200 on port 6768 TCP:
$ telnet 192.95.0.200 6768
Trying 192.95.0.200...
Connected to 192.95.0.200.
Escape character…
ArkeiStealer botnet controller @116.202.1.195
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
ArkeiStealer botnet controller located at 116.202.1.195 on port 80 (using HTTP GET):
hXXp://116.202.1.195/
$ nslookup 116.202.1.195
static.195.1.202.116.clients.your-server.de
Referencing malware binaries (MD5 hash): ad1b502b6714c0a374b055332018974b — AV detection: 26…
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to "listbomb" email addresses:
From: aidsmap bulletins <bulletins@bulletins.aidsmap.com>
Subject: aidsmap news: CoronaVac shows weaker response in people with HIV, 19 April 2022
Problem description
============================
Spammers signed up for the bulk email service using the victim's email address. As a result, the victim is being "listbombed"…
DCRat botnet controller @82.146.59.136
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
DCRat botnet controller located at 82.146.59.136 on port 80 (using HTTP GET):
hXXp://82.146.59.136/_/datalife45/TrackProcessDle/JavascriptUpdateGeneratordlelocal.php
$ nslookup 82.146.59.136
nolove209.fvds.ru
Referencing malware binaries (MD5 hash): bc43cff296c2977a382f6569ed0db331 — AV detection: 40…
Socelars botnet controller @207.180.250.246
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Socelars botnet controller located at 207.180.250.246 on port 80 (using HTTP POST):
hXXp://www.fpsbw.com/
$ dig +short www.fpsbw.com
207.180.250.246
$ nslookup 207.180.250.246
vmi856029.contaboserver.net
Referencing malware binaries (MD5 hash):…
Smoke Loader botnet controller @95.213.216.204
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Smoke Loader botnet controller located at 95.213.216.204 on port 80 (using HTTP POST):
hXXp://ejeana.co.ug/index.php
ejeana.co.ug. 600 IN A 95.213.216.204
Referencing malware binaries (MD5 hash): 623ef5cd7c56c96132336938466c9c16 — AV…
Malware botnet controller @198.244.224.87
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller at 198.244.224.87 on port 443.
$ telnet 198.244.224.87 443
Trying 198.244.224.87...
Connected to 198.244.224.87.
Escape character is '^]'
Malicious domains observed at this IP…