hxxp[://]winner2100k[.]xyz is an active bank phishing redirector.
$ host winner2100k.xyz
winner2100k.xyz has address 192.64.119.196
Author: blog
Phishing origination against S-Pankki (Finnish banking group)
Received: from smtp.gowebbm.fun (smtp.gowebbm.fun [178.62.108.80]) …
Authentication-Results: x; dkim=pass (2048-bit key; unprotected) header.d=gowebbm.fun header.i=@gowebbm.fun header.b="JLCttXV6"; dkim-atps=neutral
Subject: Verkkopankki Päivitys
From: inf0@S-pankki.fi
Phishing origination against S-Pankki (Finnish banking group)
Received: from smtp.goodlifeweb.website (smtp.goodlifeweb.website [134.122.51.64]) …
Authentication-Results: x; dkim=pass (2048-bit key; unprotected) header.d=goodlifeweb.website header.i=@goodlifeweb.website header.a=rsa-sha256 header.s=default header.b=scB771vF; dkim-atps=neutral
Subject: Verkkopankki Päivitys
From: inf0@S-pankki.fi
phishing server
myredelivery-service.com has address 31.184.249.183
support-021.link has address 31.184.249.183
parcel-supportinfo.com has address 31.184.249.183
royalmail-delivery-redirect.com has address 31.184.249.183
id7383833.com has address 31.184.249.183
phishing server
chase43auth.com has address 167.99.151.117
chase02b.com has address 167.99.151.117
DCRat botnet controller @62.109.17.123
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
DCRat botnet controller located at 62.109.17.123 on port 80 (using HTTP GET):
hXXp://62.109.17.123/VideoPhpPacketlongpollCdn.php
$ nslookup 62.109.17.123
d3zzm0ral.fvds.ru
Referencing malware binaries (MD5 hash):
4b47a63fa9c615d107786c8fffe6b4dd — AV detection: 37…
Tofsee botnet controller @185.63.189.27
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 185.63.189.27 on port 416 TCP:
$ telnet 185.63.189.27 416
Trying 185.63.189.27…
Connected to 185.63.189.27.
Escape character…
Tofsee botnet controller @51.158.144.223
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 51.158.144.223 on port 416 TCP:
$ telnet 51.158.144.223 416
Trying 51.158.144.223…
Connected to 51.158.144.223.
Escape character…
Tofsee botnet controller @5.9.55.235
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 5.9.55.235 on port 416 TCP:
$ telnet 5.9.55.235 416
Trying 5.9.55.235…
Connected to 5.9.55.235.
Escape character…
AsyncRAT botnet controller @194.195.211.26
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 194.195.211.26 on port 4044 TCP:
$ telnet 194.195.211.26 4044
Trying 194.195.211.26…
Connected to 194.195.211.26.
Escape character…