OskiStealer botnet controller @104.21.62.142

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
OskiStealer botnet controller located at 104.21.62.142 on port 80 (using HTTP POST):
hXXp://modexdeals.ir/7.jpg
$ dig +short modexdeals.ir
104.21.62.142
Referencing malware binaries (MD5 hash):
0a7b9a3a120d129f53edd0c6fa2564b2 — AV detection:…

SpamHosting (OMICS) (A record)

Cloudflare hosts the A record of the domain medtextopenj.info. This domain appears in spam emails as the Reply-to address, soliciting responses to the spam. No other contact method is provided in the spam sample from today’s mailing. This domain belongs to OMICS (aka Medtext Publications, Remedy Publishers, aka Austin Publishing, etc.) OMICS publishes a large…

Smoke Loader botnet controller @172.67.171.107

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Smoke Loader botnet controller located at 172.67.171.107 on port 80 (using HTTP POST):
http://greenco2020.top/
http://greenco2021.top/
http://greenco2022.top/
$ dig +short greenco2020.top
172.67.171.107
Referencing malware binaries (MD5 hash):
050e0604ba92f40f9f058a80db861c48…

Snowshoe spammer hosting

Return-Path: <[]@mail.bondrian.digital>
Received: from flint.bondrian.digital (host75.antennebusiness.us [31.210.22.205]) by [] (8.14.7/8.14.7) with ESMTP id [] for []; Mon, 3 Jan 2022 06:[]:[] -0500
Authentication-Results: []
DKIM-Signature: []
DomainKey-Signature: []
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="[]"
Date: Mon, 3 Jan 2022 12:[]:[] +0100
From: "Destroy Tinnitus" <curetinnitus@bondrian.digital>
Reply-To: "Tinnitus Repair" <curetinnitus@bondrian.digital>
Subject: Secret Military Project Fixes Tinnitus
To:…

Malware botnet controller @104.21.63.77

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 104.21.63.77 on port 80 (using HTTP GET):
hXXp://humnkd.xyz/cookie/useStatistics/count
$ dig +short humnkd.xyz
104.21.63.77
Referencing malware binaries (MD5 hash):
4ffef2e35594eb44fcf1e4c222ec5341 — AV detection:…

Spam Dropbox/Replies Domain (clinicsinoncology.com) (OMICS)

Cloudflare hosts the domain clinicsinoncology.com, which belongs to OMICS and is used to receive replies to spam. The domain appears in email addresses in the message bodies of OMICS spam. OMICS (aka Remedy Publications, aka Austin Publishing, and others) is an open access publisher of academic, medical and scientific journals. It recruits contributions to its…