Snowshoe spammer hosting

Return-Path: <[]@mail.bondrian.digital>
Received: from flint.bondrian.digital (host75.antennebusiness.us [31.210.22.205]) by [] (8.14.7/8.14.7) with ESMTP id [] for []; Mon, 3 Jan 2022 06:[]:[] -0500
Authentication-Results: []
DKIM-Signature: []
DomainKey-Signature: []
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="[]"
Date: Mon, 3 Jan 2022 12:[]:[] +0100
From: "Destroy Tinnitus" <curetinnitus@bondrian.digital>
Reply-To: "Tinnitus Repair" <curetinnitus@bondrian.digital>
Subject: Secret Military Project Fixes Tinnitus
To:…

Malware botnet controller @104.21.63.77

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 104.21.63.77 on port 80 (using HTTP GET):
hXXp://humnkd.xyz/cookie/useStatistics/count

$ dig +short humnkd.xyz
104.21.63.77

Referencing malware binaries (MD5 hash):
4ffef2e35594eb44fcf1e4c222ec5341 — AV detection:…

Spam Dropbox/Replies Domain (clinicsinoncology.com) (OMICS)

Cloudflare hosts the domain clinicsinoncology.com, which belongs to OMICS and is used to receive replies to spam. The domain appears in email addresses in the message bodies of OMICS spam. OMICS (aka Remedy Publications, aka Austin Publishing, and others) is an open access publisher of academic, medical and scientific journals. It recruits contributions to its…

OskiStealer botnet controller @104.21.4.131

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

OskiStealer botnet controller located at 104.21.4.131 on port 80 (using HTTP POST):
hXXp://jessecoltd.ir/6.jpg

$ dig +short jessecoltd.ir
104.21.4.131

Referencing malware binaries (MD5 hash):
818856f62f9ef72ae5d9c51877a9b365 — AV detection:…

OskiStealer botnet controller @104.21.96.64

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

OskiStealer botnet controller located at 104.21.96.64 on port 80 (using HTTP POST):
hXXp://golfhomexpresx.ir/7.jpg

$ dig +short golfhomexpresx.ir
104.21.96.64

Referencing malware binaries (MD5 hash):
8fba526b759a51885a2f1a0f26ae040f — AV detection:…

Loki botnet controller @104.21.17.236

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Loki botnet controller located at 104.21.17.236 on port 80 (using HTTP POST):
hXXp://rhinestone.cc/obino/Panel/five/fre.php

$ dig +short rhinestone.cc
104.21.17.236

Referencing malware binaries (MD5 hash):
e49fe965fac546dd81864efdb9863399 — AV detection:…

Loki botnet controller @172.67.210.26

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Loki botnet controller located at 172.67.210.26 on port 80 (using HTTP POST):
hXXp://nedskytrex.xyz/neds/Panel/five/fre.php

$ dig +short nedskytrex.xyz
172.67.210.26

Referencing malware binaries (MD5 hash):
4977956f1b99ec1365aefcc4bf506951 — AV detection:…

Malware botnet controller @172.67.156.171

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 172.67.156.171 on port 80 (using HTTP GET):
hXXp://installstats.online/reg.php

$ dig +short installstats.online
172.67.156.171

Referencing malware binaries (MD5 hash):
4ccf1d875a9caa4eca96e6a479fc37b9 — AV detection:…