Malware distribution @188.114.97.0

The host at this IP address is currently being used to distribute malware.

Malware distribution located here:
hXX://daferton.top/30fdh3fdh/update1.dll

daferton.top. 300 IN A 188.114.96.0
daferton.top. 300 IN A 188.114.97.0

OskiStealer botnet controller @104.21.71.57

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

OskiStealer botnet controller located at 104.21.71.57 on port 80 (using HTTP POST):
hXXp://t-shinwa-jp.com/admin//6.jpg

$ dig +short t-shinwa-jp.com
104.21.71.57

Other malicious domain names hosted on this IP address:
…

Spam Hosting (medtextpublications.com) (OMICS)

Cloudflare hosts the A records of the domain medtextpublications.com, which belongs to OMICS. OMICS is a publisher of "open-access" journals that solicits contributions and (by implication) subscriptions to its journals through spam sent to scraped, purchased, or appended lists. OMICS has over 100 SBL listings, over 40 of them live. It sends a great deal…

AgentTesla botnet controller @172.67.210.108

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

AgentTesla botnet controller located at 172.67.210.108 on port 80 (using HTTP POST):
hXXp://lab2e1.xyz//inc/741e7bb0442c85.php

$ dig +short lab2e1.xyz
172.67.210.108

Referencing malware binaries (MD5 hash):
449fe744967d2c924fb1ec737187f976 - AV detection:…

Spam MX services (remedypublication.net) (OMICS)

Cloudflare hosts the A records of the domain remedypublication.net, which belongs to Remedy Publishers, aka OMICS. OMICS is a publisher of "open-access" journals. It solicits contributions and (by implication) subscriptions to its journals by sending spam to scraped, purchased, or appended lists. OMICS has considerably over 100 SBL listings, over 40 of which are currently…

Spammer hosting @172.67.194.231

Spammer hosting located here:
http://nyc.hiremedical.com/home/redirect/?site=//0xC227CF2A?MTk4NTk3MTg4PTQyOTk0JjM0MjU4MjU9MjY1JjE0Mz1jbGljayY3cm5ud2U9NiZsaWQ9NjA3Mw==
-> http://194.39.207.42/?X
-> https://www.loansidemed.com/2LMRW6M/LZBSWBW/?sub2=X
-> https://getnuubu.com/articles/uncovered-japanese/?l=X

$ dig +short getnuubu.com
172.67.194.231
104.21.12.141

Spam sample
========================================
Received: from forget.beginndend.com (forget.beginndend.com [27.255.79.190]) by X (Postfix) with ESMTP id X for <X>; Sat, 22 Jan 2022 X
Received: from tpgau.xyz (unknown [74.63.254.136]) by X (Postfix) with ESMTP id X for <X>; Sat, 22…

Cryptocurrency Scam (coinlux.net)

Cloudflare hosts the A record and website of the domain coinlux.net. This domain appears in the URIs of spam sent to a filthy list, implying that the recipient is a "customer" and that a large sum of money was deposited in their "account".

Received: from THANKYOU.home (unknown [103.48.50.60])
Received: from [45.249.91.164] ([45.249.91.164]) by home with…

Spammer hosting @104.21.12.141

Spammer hosting located here:
http://nyc.hiremedical.com/home/redirect/?site=//0xC227CF2A?MTk4NTk3MTg4PTQyOTk0JjM0MjU4MjU9MjY1JjE0Mz1jbGljayY3cm5ud2U9NiZsaWQ9NjA3Mw==
-> http://194.39.207.42/?X
-> https://www.loansidemed.com/2LMRW6M/LZBSWBW/?sub2=X
-> https://getnuubu.com/articles/uncovered-japanese/?l=X

$ dig +short getnuubu.com
172.67.194.231
104.21.12.141

Spam sample
========================================
Received: from forget.beginndend.com (forget.beginndend.com [27.255.79.190]) by X (Postfix) with ESMTP id X for <X>; Sat, 22 Jan 2022 X
Received: from tpgau.xyz (unknown [74.63.254.136]) by X (Postfix) with ESMTP id X for <X>; Sat, 22…