Emotet malware distribution @191.232.38.77 [compromised website]

The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website:

URL: http://gabrieljuliano.com.br/zfmx.php
Host: gabrieljuliano.com.br
IP address: 191.232.38.77
Hostname: n/a

Published
Filed under microsoft.com

Emotet malware distribution @13.94.135.183 [compromised website]

The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website:

URL: http://o7therapy.com/hmruvcjzpeswbd.php
Host: o7therapy.com
IP address: 13.94.135.183
Hostname: n/a

Emotet malware distribution @13.94.135.183 [compromised website]

The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website:

URL: http://o7therapy.com/wp-content/plugins/all-in-one-wp-migration/storage/JST10x.php
Host: o7therapy.com
IP address: 13.94.135.183
Hostname: n/a

Emotet malware distribution @168.63.73.207 [compromised website]

The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website:

URL: http://saintmaron.org/wp-content/plugins/classic-editor/js/JST10x.php
Host: saintmaron.org
IP address: 168.63.73.207
Hostname: n/a

Emotet malware distribution @52.172.204.196 [compromised website]

The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website:

URL: http://solicon.us/rjfkebztlo.php
Host: solicon.us
IP address: 52.172.204.196
Hostname: n/a

Emotet malware distribution @52.172.219.121 [compromised website]

The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website:

URL: http://solicwebaps.azurewebsites.net/dbtayzipqcvrw.php
Host: solicwebaps.azurewebsites.net
IP address: 52.172.219.121
Hostname: n/a

CyberGate botnet controller @191.237.249.247

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 191.237.249.247 on port 1996 TCP:

$ telnet 191.237.249.247 1996
Trying 191.237.249.247...
Connected to 191.237.249.247.
Escape character…

Spam source @40.92.255.68

The host at this IP address is emitting spam emails.

Spam sample
=========================================
From: ceo_mobileapps@outlook.com
Subject: Re: Share your Mobile App Need ?
=========================================

Abused / misconfigured newsletter service (listbombing)

The host at this IP address is being (ab)used to "listbomb" email addresses:

From: richalwhyne@hotmail.com
Subject: Follow Up: Site Re_Designer.

Problem description
============================
Spammers signed up for the bulk email service using the victim's email address. As a result, the victim is being "listbombed" with transactional messages and bulk email campaigns.

Problem resolution
============================
In…

Malware distribution @52.172.211.121

The host at this IP address (52.172.211.121) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware:

http://livetrack.in/EmployeeMasterImages/qace.jpg

AS number: AS8075
AS name: MICROSOFT-CORP-MSN-AS-BLOCK
