Received: from spruce-goose-ar.twitter.com (144.76.18.189)
From: Svart Hvitløk <>
Subject: Svart Hvitløk For styrket immunforsvar og bedre helse
Date: Sat, 16 Oct 2021 19:3x:xx +0000
Author: blog
spam support (domains)
domain used in spam operation 4wh456e.xyz|192.64.119.70
phishing / fraud server
The IP is full of phishing and fraud sites: fake banks and other financial «companies», fake government sites, law firms, etc.
DCRat botnet controller @37.46.128.148
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. DCRat botnet controller located at 37.46.128.148 on port 80 (using HTTP GET): hXXp://37.46.128.148/videoprocessordefaultGeneratorDownloads.php $ nslookup 37.46.128.148 paynestudiosde.fvds.ru Referencing malware binaries (MD5 hash): 57e6dcef9c3719c47b0ee0e6e09c8097 — AV detection: 37…
QuasarRAT botnet controller @3.36.121.136
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 3.36.121.136 on port 4782 TCP: $ telnet 3.36.121.136 4782 Trying 3.36.121.136… Connected to 3.36.121.136. Escape character…
phishing / fraud sites
bnkenglandonline.com has address 162.0.232.161 legitidentitydocument.com has address 162.0.232.161
phishing server
irsassistancescenter.com has address 35.240.183.95
phishing server
phishing server
phishing server