AZORult botnet controller @104.21.20.176

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

AZORult botnet controller located at 104.21.20.176 on port 80 (using HTTP POST):
hXXp://e4v5sa.xyz/PL341/index.php

$ dig +short e4v5sa.xyz
104.21.20.176

AZORult botnet controller @172.67.193.69

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

AZORult botnet controller located at 172.67.193.69 on port 80 (using HTTP POST):
hXXp://e4v5sa.xyz/PL341/index.php

$ dig +short e4v5sa.xyz
172.67.193.69

Referencing malware binaries (MD5 hash): 0b71a53b75074c03a48bf23774b1c5f1 — AV detection:…

Spamvertised website

Received: from mail-sor-f41.google.com (mail-sor-f41.google.com. [209.85.220.41])
From: "Evado EMC" <asradobujok@gmail.com>
Date: Tue, 12 Apr 2022 08:0x:xx -0700
Subject: Evado EMC Re: []

https://www.linkedin.com/slink?code=[]
13.107.42.14
https://t.co/[]
104.244.42.69
https://thenewnormale.com/[]
69.51.5.227
https://mergevechicules.com/?s1=350266&s2=[]&s3=2357&s4=0&ow=&s10=739
104.21.15.80
https://wordinglines.com/[]
188.114.97.0
https://grainvein.com/click?s2=[]&s1=350266&s3=2357&s4=0&trvid=10555&ow=36
107.175.15.22
https://t.getbestoffer.shop/aff_c?offer_id=554&aff_id=1030&aff_sub2=[]&aff_sub1=2357#rafl
188.114.97.0
https://goofferstoday.com/c/gc-new-s21-samsung?s1=[]&s2=1030&s3=2357&offer_id=554#rafl
188.114.96.0

Spam Hosting (mailwizz.zeitarbeits.eu) (Labas Group) (Nermeka/Toltrade) SECOND SBL LISTING!

Cloudflare is hosting mailwizz.zeitarbeits.eu. The domain zeitarbeits.eu has no A record. This domain was listed three years ago for participating in spam exactly as it does in the spam sample below. It belongs to Labas Group (aka Nermeka, Toltrade, Bau Gruppe, and other names).

SPAM SAMPLE:
Received: from mail0.labas-hire.com (mail0.labas-hire.com [141.95.160.192])
Date: Mon, 11 Apr…

Spammer hosting @66.235.200.6

Spammer hosting located here:

$ dig +short www.talentsummercourses.it
66.235.200.6

Spam sample
=====================================
Received: from newsletter.talentmusicmasters.it (newsletter.talentmusicmasters.it [77.32.180.26])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
    (Client did not present a certificate)
    by X (Postfix) with ESMTPS id X
    for <X>; Mon, 11 Apr 2022 X
DKIM-Signature: X
To: X
Subject: Talent Summer Courses and Opera &…

Loki botnet controller @172.67.143.130

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Loki botnet controller located at 172.67.143.130 on port 80 (using HTTP POST):
hXXp://controlsvr1.tk/Concord/fre.php

$ dig +short controlsvr1.tk
172.67.143.130

Other malicious domain names hosted on this IP address:…

Loki botnet controller @104.21.87.137

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Loki botnet controller located at 104.21.87.137 on port 80 (using HTTP POST):
hXXp://controlsvr1.tk/Concord/fre.php

$ dig +short controlsvr1.tk
104.21.87.137

Referencing malware binaries (MD5 hash): 9895aa94d450240f6ff12035664a4f20 — AV detection:…

Loki botnet controller @188.114.97.15

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Loki botnet controller located at 188.114.97.15 on port 80 (using HTTP POST):
hXXp://vmopahtqdf84hfvsqepalcbcch63gdyvah.ml/BN2/fre.php

$ dig +short vmopahtqdf84hfvsqepalcbcch63gdyvah.ml
188.114.97.15

Referencing malware binaries (MD5 hash): 0031dfd9187e1ead59c63d61d78eea93 — AV detection:…

Spammer hosting @104.26.9.80

Spammer hosting located here:
https://t.raptorsmartadvisor.com/.lty?url=inother.me?X
-> http://inother.me/?X
--> https://www.loansidemed.com/X
--> https://translatorenence.com/articles/japan-tech/?lX

$ dig +short t.raptorsmartadvisor.com
104.26.9.80
172.67.70.232
104.26.8.80

Spam sample
==============================================
Received: from whale.canuswim.pro ([138.91.52.151])
    by X with ESMTP id X; Wed, 30 Mar 2022 X
Received: from tpgau.xyz (unknown [74.63.254.136])
    by X (Postfix) with ESMTP id X
    for <X>; Wed, 30 Mar 2022 X…