Phishing server

137.184.113.238|identitywells.com|2022-02-23 01:56:16
137.184.113.238|secfidelity.com|2022-02-15 01:56:33
137.184.113.238|unblockwells.com|2022-02-23 22:41:48
137.184.113.238|wfbidentity.com|2022-02-21 08:17:08

Phishing server

citi-supportnow.com has address 137.184.185.22 (Citibank Online phishing)

RaccoonStealer botnet controller @206.189.100.203

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

RaccoonStealer botnet controller located at 206.189.100.203 on port 80 (using HTTP GET):
hXXp://206.189.100.203/wavesf

Referencing malware binaries (MD5 hash):
26895e53b9a4a15fb3339a5172ebed4d — AV detection: 29 / 70 (41.43)
7b54ea7ef3102ab2cbc740fb2031b62a…

Loki botnet controller @139.59.179.53

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Loki botnet controller located at 139.59.179.53 on port 80 (using HTTP POST):
hXXp://candinavia.ga/teejay/logs/fre.php

$ dig +short candinavia.ga
139.59.179.53
$ nslookup 139.59.179.53
qontracshipping.ga

Referencing malware binaries (MD5 hash):…

Spamvertised website

2022-02-15 s100viewpoints.com. 60 IN A 165.22.232.123
2022-02-10 s100viewpoints.com. 60 IN A 159.223.52.198

Received: from DB6PR0301CA0048.eurprd03.prod.outlook.com (2603:10a6:4:54::16)
Date: Thu, 03 Feb 2022 02:5x:xx +0000
From: Top Alternative Investment <[]@[].s100viewpoints.com>
Subject: 𝗧𝗵𝗲 𝗴𝗿𝗲𝗮𝘁𝗲𝘀𝘁 𝗺𝗼𝗻𝗲𝘆 𝗿𝗲𝘃𝗼𝗹𝘂𝘁𝗶𝗼𝗻 𝗼𝗳 𝗮𝗹𝗹 𝘁𝗶𝗺𝗲

http://s100viewpoints.com/[] 159.223.48.46
https://volarealora.com/[] 193.124.15.64
https://www.nmxkj4trk.com/[]/?sub1=351076&sub2=[] 34.120.5.10

advance fee fraud spam source at pdf-books.org

IP emitting advance fee fraud (‘419’) spam, probably thanks to a compromised password.

mail.pdf-books.org. 300 IN A 206.81.8.224

==================================================================
Return-Path: <info@bapco.com>
Received: from server.pdf-books.org (unknown [206.81.8.224])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by x (Postfix) with ESMTPS id x
	for <x>; Mon, 14 Feb 2022 xx:xx:xx +0100 (CET)
Received: from…

AsyncRAT botnet controller @159.65.243.143

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 159.65.243.143 on port 8080 TCP:

$ telnet 159.65.243.143 8080
Trying 159.65.243.143…
Connected to 159.65.243.143.
Escape character…

Phishing server

137.184.128.66|accessservicenoreply.com|2022-02-08 01:16:37
137.184.128.66|mysignon-navy-federal-info.info|2022-02-11 17:17:24

CobaltStrike botnet controller @143.244.178.247

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 143.244.178.247 on port 8081 TCP:

$ telnet 143.244.178.247 8081
Trying 143.244.178.247…
Connected to 143.244.178.247.
Escape character…