TVRat botnet controller @104.21.62.22

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

TVRat botnet controller located at 104.21.62.22 on port 80 (using HTTP GET):
hXXp://pshzbnb.com/update.php

$ dig +short pshzbnb.com
104.21.62.22

Referencing malware binaries (MD5 hash):
6bc6b19a38122b926c4e3a5872283c56 — AV detection:…

OskiStealer botnet controller @172.67.136.167

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

OskiStealer botnet controller located at 172.67.136.167 on port 80 (using HTTP POST):
hXXp://modexdeals.ir/6.jpg

$ dig +short modexdeals.ir
172.67.136.167

Referencing malware binaries (MD5 hash):
44ac6fc2f8d02857f9d7a7bfde1e2376 — AV detection:…

Spamvertised website

Received: from 23.236.207.89 (EHLO baumzf.shared.fl00r1ngreplacementqu0te.design)
X-Originating-Ip: [185.194.84.31]
From: Eterna light <nieuwsbrief@e.debexybijenkorf.nl>
Subject: keep your lights on during a blackout
Date: Wed, 12 Jan 2022 08:3x:xx +0000

http://lightspeedage.com/[] 195.154.54.145
http://163.172.192.31/tr.php?[] 163.172.192.31
http://instrumentfresh.com/[] 104.227.171.149
https://www.l4n2fytrk.com/[]/?uid=364&sub1=200612&sub2=[]&sub3=[] 35.244.245.136
https://eternalight.originaldefense.com/blog/c?affID=304&C1=200612&C2=[]&C3=[]&C4=&C5=&click_id=[] 172.67.160.67

phish

Domain used in a phishing attack.
phras-info.xyz|104.21.16.168

Malware botnet controller @172.67.131.70

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 172.67.131.70 on port 80 (using HTTP GET):
hXXp://loftui.xyz/cookie/useStatistics/count

$ dig +short loftui.xyz
172.67.131.70

Referencing malware binaries (MD5 hash):
b3ea5c5e439b8ab445dd8d2f0c41c631 — AV detection:…

OskiStealer botnet controller @104.21.62.142

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

OskiStealer botnet controller located at 104.21.62.142 on port 80 (using HTTP POST):
hXXp://modexdeals.ir/7.jpg

$ dig +short modexdeals.ir
104.21.62.142

Referencing malware binaries (MD5 hash):
0a7b9a3a120d129f53edd0c6fa2564b2 — AV detection:…

SpamHosting (OMICS) (A record)

Cloudflare hosts the A record of the domain medtextopenj.info. This domain appears in spam emails as the Reply-to address, soliciting responses to the spam. No other contact method is provided in the spam sample from today’s mailing. This domain belongs to OMICS (aka Medtext Publications, Remedy Publishers, aka Austin Publishing, etc.) OMICS publishes a large…

Smoke Loader botnet controller @172.67.171.107

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Smoke Loader botnet controller located at 172.67.171.107 on port 80 (using HTTP POST):
http://greenco2020.top/
http://greenco2021.top/
http://greenco2022.top/

$ dig +short greenco2020.top
172.67.171.107

Referencing malware binaries (MD5 hash):
050e0604ba92f40f9f058a80db861c48…