blog — Страница 235

Malware distribution @5.196.247.6

The host at this IP address is currently being used to distribute malware. Malware distribution located here: hXXp://5.196.247.6/44477.7110131944.dat $ nslookup 5.196.247.6 ip6.ip-5-196-247.eu

Suspected Snowshoe Spam IP Range [1/3]

Based on research, analysis of network data, our ‘snowshoe’ spam detection systems, intelligence sources and our experience, Spamhaus believes that this IP address range is being used or is about to be used for the purpose of high volume ‘snowshoe’ spam emission. As a precaution therefore we are listing this IP range in an SBL… Читать далее Suspected Snowshoe Spam IP Range [1/3]

Suspected Snowshoe Spam IP Range [2/3]

Suspected Snowshoe Spam IP Range [3/3]

spam emitter @69.164.211.186

Received: from holltz.com (69.164.211.186) From: iPhone 13<reply@raidir.club!>;<service@stayfriends.de> Subject: Geben Sie Ihre Gewinndaten ein! Date: Fri, 08 Oct 2021 02:4x:xx +0000

FastFlux hosting provider: bulletproof.su — who use hacked servers to host malware, phish, etc.

https://bulletproof-hosting.com >>> https://bulletproof.su/? >>> https://t.me/ffservice? 40.121.200.45 abusehost.pro 2021-09-20 12:47:09 40.121.200.45 approved-xxx.su 2021-09-14 13:56:04 40.121.200.45 bulletproof-hosting.com 2021-09-21 09:16:15 40.121.200.45 bulletproof.im 2021-09-12 12:20:54 40.121.200.45 bulletproof.su 2021-10-07 03:06:21 40.121.200.45 ccshoponline.ru 2021-10-07 22:53:49 40.121.200.45 ccvv2dumps.com 2021-09-22 08:01:53 40.121.200.45 fast-flux.ru 2021-09-27 19:41:51 40.121.200.45 fastflux.su 2021-10-01 02:20:56 40.121.200.45 goldplastic.net 2021-09-30 16:06:38 40.121.200.45 goodshop24.biz 2021-09-22 00:52:19 40.121.200.45 mail.cvvshops.su 2021-09-13 17:59:33 40.121.200.45 mail.fastflux.su… Читать далее FastFlux hosting provider: bulletproof.su — who use hacked servers to host malware, phish, etc.

RedLineStealer botnet controller @37.230.112.47

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 37.230.112.47 on port 36265 TCP: $ telnet 37.230.112.47 36265 Trying 37.230.112.47… Connected to 37.230.112.47. Escape character… Читать далее RedLineStealer botnet controller @37.230.112.47

Banload botnet controller @3.142.130.155

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Banload botnet controller located at 3.142.130.155 on port 80 (using HTTP POST): hXXp://bagnovo.duckdns.org/parapop/tuisR485959fjgjgjjg.php $ dig +short bagnovo.duckdns.org 3.142.130.155 $ nslookup 3.142.130.155 ec2-3-142-130-155.us-east-2.compute.amazonaws.com Other malicious domain names hosted… Читать далее Banload botnet controller @3.142.130.155

Malware distribution @5.196.247.5

The host at this IP address is currently being used to distribute malware. Malware distribution located here: hXXp://5.196.247.5/44476.6826112269.dat $ nslookup 5.196.247.5 ip5.ip-5-196-247.eu

RedLineStealer botnet controller @104.21.66.135

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 104.21.66.135 on port 443 TCP: $ telnet 104.21.66.135 443 Trying 104.21.66.135… Connected to 104.21.66.135. Escape character… Читать далее RedLineStealer botnet controller @104.21.66.135