Cryptocurrency Scam (coinlux.net)

Cloudflare hosts the A record and website of the domain coinlux.net. This domain appears in the URIs of spam sent to a filthy list, implying that the recipient is a «customer» and that a large sum of money was deposited in their «account».
Received: from THANKYOU.home (unknown [103.48.50.60])
Received: from [45.249.91.164] ([45.249.91.164]) by home with…
Read more: Cryptocurrency Scam (coinlux.net)

Loki botnet controller @188.114.96.22

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Loki botnet controller located at 188.114.96.22 on port 80 (using HTTP POST): hXXp://hfjv9g950bag53fcbcdnbcbnmhy35zch.tk/BN1/fre.php
$ dig +short hfjv9g950bag53fcbcdnbcbnmhy35zch.tk
188.114.96.22
Referencing malware binaries (MD5 hash): 548fceb4959384ed0351f1fcd4ef54e1 — AV detection:…
Read more: Loki botnet controller @188.114.96.22

Loki botnet controller @172.67.194.126

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Loki botnet controller located at 172.67.194.126 on port 80 (using HTTP POST): hXXp://mangeruio.ir/oluwa/five/fre.php
$ dig +short mangeruio.ir
172.67.194.126
Referencing malware binaries (MD5 hash): 07553298f0f744325b03796d803f0add — AV detection:…
Read more: Loki botnet controller @172.67.194.126

Spamvertised website

Received: from amazon.com (194.116.217.118 [194.116.217.118])
Date: Thu, 27 Jan 2022 20:1x:xx GMT
Subject: «Anna added you to the friends list»
From: «FuckBook»<no-reply@shtro.top>
https://subscriber.pathwayhomerealtygroup.com/SubscribeClick 172.67.166.230
https://tiktik.jp/ 104.21.70.223

Loki botnet controller @104.21.3.248

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Loki botnet controller located at 104.21.3.248 on port 80 (using HTTP POST): hXXp://augmentinprod.ir/jin/five/fre.php
$ dig +short augmentinprod.ir
104.21.3.248
Referencing malware binaries (MD5 hash): 16f716620dd5c0151f14e9972ceece41 — AV detection:…
Read more: Loki botnet controller @104.21.3.248

reklaimyou.com (Reklaim)

This IP address hosts the A record and website of the domain reklaimyou.com. This domain is spamming heavily through direct bulk email sender @Mail250.
Received: from sfr57.top (sfr57.top [51.79.69.115])
Date: Mon, 31 Jan 2022 00:##:## +0530
From: Reklaim <hello@reklaimyou.com>
Subject: Your consent is required
<snip>
[Take back what is yours.] [[ URI: https://smtracking.reklaimyou.com/track/click/<x> Redirects to…
Read more: reklaimyou.com (Reklaim)

Malware botnet controller @172.67.202.104

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 172.67.202.104 on port 80 (using HTTP GET): hXXp://hornygl.xyz/addInstall.php
$ dig +short hornygl.xyz
172.67.202.104
Referencing malware binaries (MD5 hash): 00ffe9c9aa3975d6acc495795b775cf3 — AV detection:…
Read more: Malware botnet controller @172.67.202.104

SMS Spammer hosting

SMS Spammed URL: https://aircloak.co/[]
Looks like a URL shortener, but all URLs redirect to https://newsfor24x7.com/lean/[]
aircloak.co. 143 IN A 172.67.223.45
aircloak.co. 143 IN A 104.21.38.139
newsfor24x7.com. 300 IN A 172.67.194.201
newsfor24x7.com. 300 IN A 104.21.52.36
—
Domain Name: aircloak.co
Registry Domain ID: DC5DBB495F5274DEA959A0F9EEFC612A9-GDREG
Registrar WHOIS Server:
Registrar URL: www.ownregistrar.com
Updated Date: 2022-01-27T11:31:14Z
Creation Date: 2021-07-28T18:18:55Z…
Read more: SMS Spammer hosting