Malware distribution @51.89.115.101
The host at this IP address is currently being used to distribute malware.
Malware distribution located here:
hXXp://51.89.115.101/44504.5837228009.dat
$ nslookup 51.89.115.101
secure-3111.buzztary.com
Referencing malware binaries (MD5 hash):
05d20f2a19b8933792300b1b4f246e0f — AV detection: 32 / 73 (43.84)
0ed45dee4e4497eb96e5a164d5c2253e — AV detection: 45 / 71 (63.38)
13f2fdc3fa774a31b21747223e17f135 — AV detection: 37 / 71 (52.11)
19e04d9324e4a8b8b8f64637a6b91969 — AV detection:…
Author: blog
RedLineStealer botnet controller @172.67.213.114
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 172.67.213.114 on port 443 TCP:
$ telnet 172.67.213.114 443
Trying 172.67.213.114…
Connected to 172.67.213.114.
Escape character…
Loki botnet controller @104.21.78.45
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Loki botnet controller located at 104.21.78.45 on port 80 (using HTTP POST):
hXXp://bobreplace.xyz/five/fre.php
$ dig +short bobreplace.xyz
104.21.78.45
Referencing malware binaries (MD5 hash):
898badd240f8d99c109b1c8647eaa1f1 — AV detection:…
Loki botnet controller @104.21.8.250
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Loki botnet controller located at 104.21.8.250 on port 80 (using HTTP POST):
hXXp://peakledz.xyz//five/fre.php
$ dig +short peakledz.xyz
104.21.8.250
RaccoonStealer botnet controller @104.21.62.135
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
RaccoonStealer botnet controller located at 104.21.62.135 on port 80 (using HTTP GET):
hXXp://teleliver.top/rino115sipsip
$ dig +short teleliver.top
104.21.62.135
Referencing malware binaries (MD5 hash):
473f71050681fc3f442d9ec340ba3207 — AV detection:…
Loki botnet controller @34.72.154.70
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Loki botnet controller located at 34.72.154.70 on port 80 (using HTTP POST):
hXXp://navijunks.ml/chores/fre.php
$ dig +short navijunks.ml
34.72.154.70
$ nslookup 34.72.154.70
70.154.72.34.bc.googleusercontent.com
Other malicious domain names hosted…
CEO fraud MX @192.64.119.59
The following domain name is used to conduct CEO fraud:
$ dig +short finma-recovery.com MX
10 mx2.privateemail.com.
10 mx1.privateemail.com.
affiliate spam @frgfst.com
Received: from utyqwjn.extented.xyz (ms141.moonshot.dedicated.server-hosting.expert. [89.163.224.142])
From: 𝐓𝐚𝐱-𝟐0𝟐𝟏 ✔ <[]>
Subject: 🛑 𝐄𝐦𝐞𝐫𝐠𝐞𝐧𝐜𝐲 𝐅𝐞𝐝𝐞𝐫𝐚𝐥 𝐓𝐚𝐱 𝐒𝐞𝐭𝐭𝐥𝐞𝐦𝐞𝐧𝐭 𝐀𝐧𝐧𝐨𝐮𝐧𝐜𝐞𝐬 𝟐𝟎𝟐𝟏 𝐓𝐚𝐱 𝐃𝐞𝐛𝐭 𝐑𝐞𝐥𝐢𝐞𝐟
Date: 11-04-2021
https://bit.ly/3bagpNq 67.199.248.10
https://www.featremain.com/[] 142.202.136.140
https://frgfst.com/?a=44&oc=337&c=617&s1=[]&s2=[] 44.224.10.104
https://mlf-1800-trk.com/?a=44&oc=337&c=617&s1=[]&s2=[]&ckmguid=[] 44.224.10.104
https://www.1800freshtax.com/v6/?reqid=[]&affid=44&a=44&cpAFID=44&cpSID=[]&s1=[]&cpSID2=[] 205.186.142.74
DCRat botnet controller @188.93.211.136
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
DCRat botnet controller located at 188.93.211.136 on port 80 (using HTTP GET):
hXXp://188.93.211.136/javascriptwordpress.php
$ nslookup 188.93.211.136
188-93-211-136.cloudvps.regruhosting.ru
Referencing malware binaries (MD5 hash):
191f7b31782f54fc168021567d37bd79 — AV detection: 52…
Smoke Loader botnet controller @167.172.146.21
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Smoke Loader botnet controller located at 167.172.146.21 on port 80 (using HTTP GET):
hXXp://rifyyoure.ink/
$ dig +short rifyyoure.ink
167.172.146.21