Chinese phisher landing sites by the bushel. URLS like: hxxps://kddli.oaiu.zxbssw.xyz hxxps://kidi.aui.cxvdef.xyz hxxps://aiui.kads.brswfs.xyz hxxps://viu.kddl.vaexcm.xyz hxxps://kaidi.iuia.eqexc.xyz All KDDI AU phish.
Category: google.com
Assorted phish landing sites.
Currently phishing ETC cards.
Tofsee botnet controller @35.228.103.145 [second listing]
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 35.228.103.145 on port 443 TCP: $ telnet 35.228.103.145 443 Trying 35.228.103.145… Connected to 35.228.103.145. Escape character…
phishing server
Fake URL shorteners
Assorted phish landing sites.
And people wonder why ga/ml/cf/gq have a terrible reputation. All these and more:
Assorted phish landing sites.
Good old dynamic DNS… https://mercari-email.ddnsking.com https://mercari-email.ddns.net https://mrcari-emie.ddnsking.com
phishing server
34.102.120.239|citidpt.com|2022-02-15 04:41:07 34.102.120.239|citidpts.com|2022-02-15 22:01:57 34.102.120.239|citisverify.com|2022-02-16 01:26:41 34.102.120.239|verify-citi.us|2022-02-15 20:52:24 34.102.120.239|verifycitis.com|2022-02-16 01:02:28
Arechclient2 botnet controller @104.197.24.118
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 104.197.24.118 on port 15647 TCP: $ telnet 104.197.24.118 15647 Trying 104.197.24.118… Connected to 104.197.24.118. Escape character…
expertappdeveloper.com (SEO/appdev/webdev)
This IP address hosts the A record, MX record, and website of the domain expertappdeveloper.com. This domain belongs to an India-based web and application developer. The spammer is spamming email addresses scraped from Whois records. The domain expertappdeveloper.com is apparently registered by Aliyun, but Aliyun’s whois server indicates that the domain does not exist. So…
Cybercrime sites