$ host danskiebank.com
danskiebank.com has address 165.22.124.142

This recently registered domain name only exists to phish customers of Danske.
Author: blog
phishing server
68.183.47.239|secure-01citizns.net|2021-11-02 21:15:58
68.183.47.239|secure02bcitizns.com|2021-11-07 22:35:47
68.183.47.239|secure089bcitizns.com|2021-11-07 19:05:57
68.183.47.239|server03bcitizns.com|2021-11-02 23:00:55
68.183.47.239|server083bcitizns.com|2021-11-03 16:56:36
68.183.47.239|server17bcitizens.com|2021-11-08 16:11:19
phishing server
hXXp://citizan05s-online.com/

$ host citizan05s-online.com
citizan05s-online.com has address 178.128.237.184
Spam list vendor
Return-Path: <btzzgt@psrp.streamlineinformatics.com>
Received: from mta6.rekhawillmore.online (mta6.rekhawillmore.online [51.89.17.74]) by x (Postfix) with ESMTPS id x for <x>; Mon, 8 Nov 2021 ##:##:## +0100 (CET)
Authentication-Results: x; dkim=pass (1024-bit key; unprotected) header.d=streamlineinformatics.com header.i=@streamlineinformatics.com header.a=rsa-sha256 header.s=postal-U16lZf header.b=apf+ErXb; dkim-atps=neutral
Resent-Sender: btzzgt@psrp.streamlineinformatics.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=streamlineinformatics.com; s=postal-U16lZf; t=16363#####; bh=+4f+dtsNx; h=mime-version:from:reply-to:to:subject:content-type:content-transfer-encoding:date:message-id; b=apf+ErXbx
X-Postal-MsgID: x
Received: from 49.207.200.172.actcorp.in (::ffff:49.207.200.172 [::ffff:49.207.200.172]) by…
Distributed Spam-for-Hire Network (ddns.net)
The following IP addresses at several providers of inexpensive VPS services are sending spam for several customers. The IP addresses HELO as a hostname in the ddns.net domain. This domain is owned by no-ip.com, a provider of distributed IP services. The first IP address below is sending phish. The second is sending spam for provider…
spam emitter @52.7.244.190
Received: from mta1a.mail.zscloud.net (52.7.244.190)
From: Confirmation Needed<unsubscribe@storeserv.info>
Subject: unsubscribe_me
Date: Sat, 06 Nov 2021 17:2x:xx +0100
Spamvertised website
Received: from teslacars.sbs (teslacars.sbs. [91.199.147.7])
Date: [mail_date]
Subject: CVS ORDER for: []!!___________________[]
From: «Thank-Y0U» <[]>

https://storage.googleapis.com/buckettt01/Redirect%20newslettersreply.shop.html#rd/[] 172.217.12.240
http://newslettersreply.shop/track/[] 208.82.116.162
https://normalbag.com/[] 172.99.172.20
https://dreadgeplot.com/index2.php?s1=350883&s2=[]&s3=2149&s4=0&ow=56&p=[] 104.21.58.91
https://mondaybunny.com/?[] 172.67.192.113
https://rockupz.com/click?trvid=10260&s2=[]&s1=350883&s3=2149&s4=&ow=56 184.73.162.154
https://cheakylads.com/?a=100309&c=121300&s2=[] 35.71.130.230
https://www.alm30t.com/[]/?sub1=[]&source_id=100309&sub2= 35.244.193.194
https://symphonyfit.com/special/?affId=1&c1=[]&c2=5&c3=100309 172.67.214.89
Kovter botnet controller @91.213.50.136
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Kovter botnet controller located at 91.213.50.136 on port 80 (using HTTP GET):
hXXp://91.213.50.136/QgIc/gate.php

Referencing malware binaries (MD5 hash):
bfdf6b8b7c1edd61333b1659222c3457 - AV detection: 10 / 68 (14.71)
RedLineStealer botnet controller @135.125.40.67
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 135.125.40.67 on port 49126 TCP:

$ telnet 135.125.40.67 49126
Trying 135.125.40.67…
Connected to 135.125.40.67.
Escape character…
Phishing hosting @20.79.218.39