The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Loki botnet controller located at 104.21.30.161 on port 80 (using HTTP POST):
hXXp://arku.xyz/tkrr/T1/w2/fre.php
$ dig +short arku.xyz
104.21.30.161
Referencing malware binaries (MD5 hash):
504b15bb72b7d562c421480d14da7254 — AV detection:…
Author: blog
RedLineStealer botnet controller @172.67.202.60
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 172.67.202.60 on port 443 TCP:
$ telnet 172.67.202.60 443
Trying 172.67.202.60…
Connected to 172.67.202.60.
Escape character…
RedLineStealer botnet controller @104.21.95.171
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 104.21.95.171 on port 443 TCP:
$ telnet 104.21.95.171 443
Trying 104.21.95.171…
Connected to 104.21.95.171.
Escape character…
RedLineStealer botnet controller @172.67.207.221
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 172.67.207.221 on port 443 TCP:
$ telnet 172.67.207.221 443
Trying 172.67.207.221…
Connected to 172.67.207.221.
Escape character…
Phishing origination against Nordea Bank (Nordics)
Return-Path: <mail@arab-zone.net>
Received: from srv6.art4muslim.com (srv6.art4muslim.com [37.187.93.54])
 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by x (Postfix) with ESMTPS id x
 for <x>; Thu, 30 Sep 2021 ##:##:## +0300 (EEST)
Authentication-Results: x; dkim=pass reason="2048-bit key" header.d=arab-zone.net header.i=@arab-zone.net header.b=j62G/XYD; dkim-adsp=pass
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=arab-zone.net; s=default;
 h=Content-Type:MIME-Version:Sender:To:Message-Id:
 Subject:Date:From:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;…
OskiStealer botnet controller @192.64.114.103
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
OskiStealer botnet controller located at 192.64.114.103 on port 80 (using HTTP POST):
hXXp://dellproductz.xyz/7.jpg
$ dig +short dellproductz.xyz
192.64.114.103
idropnews.com spammers @52.22.187.16
52.22.187.16 = idropnews.com
idrop-1790182703.us-east-1.elb.amazonaws.com
The following related hostnames used for «snowshoe» spamming
—
Domain Name: IDROPNEWS.NET
Creation Date: 2013-10-02 20:14:00Z
Registrar Registration Expiration Date: 2014-10-02 20:14:00Z…
RemoteManipulator botnet controller @109.234.156.178
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 109.234.156.178 on port 5655 TCP:
$ telnet 109.234.156.178 5655
Trying 109.234.156.178…
Connected to 109.234.156.178.
Escape character…
RemoteManipulator botnet controller @185.175.44.167
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 185.175.44.167 on port 5655 TCP:
$ telnet 185.175.44.167 5655
Trying 185.175.44.167…
Connected to 185.175.44.167.
Escape character…
Spam emitters
Spam emissions seen from:
78.155.202.66
78.155.202.67
78.155.202.68
78.155.202.69
78.155.202.70
Received: from s6.alinjgom.ru (alinjgom.ru [78.155.202.66])
Date: Wed, 29 Sep 2021 08:0x:xx +0000
From: Aleksandr <info@s6.alinjgom.ru>
Subject: Предложение