The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 20.194.35.6 on port 7904 TCP: $ telnet 20.194.35.6 7904 Trying 20.194.35.6… Connected to 20.194.35.6. Escape character… Read more: njrat botnet controller @20.194.35.6
Author: blog
NanoCore botnet controller @20.185.47.68
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 20.185.47.68 on port 3500 TCP: $ telnet 20.185.47.68 3500 Trying 20.185.47.68… Connected to 20.185.47.68. Escape character… Read more: NanoCore botnet controller @20.185.47.68
BitRAT botnet controller @52.252.234.34
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 52.252.234.34 on port 2222 TCP: $ telnet 52.252.234.34 2222 Trying 52.252.234.34… Connected to 52.252.234.34. Escape character… Read more: BitRAT botnet controller @52.252.234.34
phishing server
supportfortwitter.com has address 52.148.188.66 hxxp://supportfortwitter.com Login to Twitter / Twitter >100 other phishing sites since June 2021
Malware distribution @23.102.184.147
The host at this IP address is currently being used to distribute malware. Malware distribution located here: hXXp://23.102.184.147/pm13/pm13.png
Phish spam form @20.197.230.226
Received: from [128.199.82.246] (helo=mta0.zhuoda.com) From: "EMS" <acsinc@acsinc.co.kr> Subject: [] 附件是您的收据 Date: 18 Aug 2021 05:45:11 +0200 form hosted @ https://soldbypickens.com/exe/send.php soldbypickens.com. 3600 IN A 20.197.230.226
Spam source @40.92.90.22
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05olkn2022.outbound.protection.outlook.com [40.92.90.22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (not verified)) by X (Postfix) with ESMTPS id X for <X>; Wed, 18 Aug 2021 X […] Received: from DB8EUR05FT057.eop-eur05.prod.protection.outlook.com (2a01:111:e400:fc0f::4e) by DB8EUR05HT228.eop-eur05.prod.protection.outlook.com (2a01:111:e400:fc0f::87) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id X; Wed, 18 Aug… Read more: Spam source @40.92.90.22
AveMariaRAT botnet controller @20.150.137.35
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 20.150.137.35 on port 7400 TCP: $ telnet 20.150.137.35 7400 Trying 20.150.137.35… Connected to 20.150.137.35. Escape character… Read more: AveMariaRAT botnet controller @20.150.137.35
DCRat botnet controller @52.158.47.4
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. DCRat botnet controller located at 52.158.47.4 on port 80 (using HTTP GET): hXXp://52.158.47.4/javascriptPollhttpLongpoll.php Referencing malware binaries (MD5 hash): e8317caac6568f4d37d8535a1e56ad29 — AV detection: 40 / 69 (57.97)
Suspected Snowshoe Spam IP Range
Based on research, analysis of network data, our ‘snowshoe’ spam detection systems, intelligence sources and our experience, Spamhaus believes that this IP address range is being used or is about to be used for the purpose of high volume ‘snowshoe’ spam emission. As a precaution therefore we are listing this IP range in an SBL… Read more: Suspected Snowshoe Spam IP Range