Mail server distributing advance fee fraud (‘419’) spam, probably thanks to a compromised password. mail.if-liban.com. 300 IN A 116.202.192.198 ============================================================================ Return-Path: <ketty.abboud@if-liban.com> Received: from mail.if-liban.com (HELO mail.if-liban.com) (116.202.192.198) by x (x) with (AES256-SHA encrypted) ESMTPS; Sun, 09 Jan 2022 xx:xx:xx +0000 Received: from mail.if-liban.com (localhost.localdomain [127.0.0.1]) by mail.if-liban.com (Postfix) with ESMTP id x for <x>;… Читать далее advance fee fraud spam source at if-liban.com
Рубрика: hetzner.de
phishing server
hXXps://irs.govvernment.cloud/form/personal gov-taxreturn.com 2022-01-07 06:45:04 infrmatiion.com 2022-01-07 14:37:57 govvernment.cloud 2022-01-05 23:52:43 ig-badgeverification.tk 2022-01-07 15:11:07 app-options.cloud 2022-01-01 11:06:36 app-billing.cloud 2022-01-01 10:59:07 app-update.cloud 2022-01-01 11:06:32 online-login-digital-mobile.com 2021-12-24 10:03:05 wallet-i.top 2021-12-28 23:00:05 fb-serviceforbadge.tk 2021-12-29 17:31:35 fb-badgeservices.tk 2021-12-29 15:48:15 ig-serviceforbadge.tk 2021-12-29 15:32:43 + dozens of Crypto wallet phish sites
Spam Emitter (GFORD Institute of Management)
This IP address is sending spam for the GFORD Institute of Management, a business training operation that offers webinars and other online training, and advertises those services to scraped, purchased or appended lists. This entity has many previous and current SBL listings. Received: from delhi.hopto.org (static.196.224.9.5.clients.your-server.de [5.9.224.196]) Received: from LAPTOP7BMJ9A40 (unknown [223.233.76.172]) Date: Tue, 4… Читать далее Spam Emitter (GFORD Institute of Management)
Malware botnet controller @65.21.234.58
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 65.21.234.58 on port 8080 (using HTTP GET): hXXp://65.21.234.58/pm $ nslookup 65.21.234.58 65-21-234-58.serverhub.ru Referencing malware binaries (MD5 hash): 3d2de2a6844ccb71b796ea8d45d425fc — AV detection: 34… Читать далее Malware botnet controller @65.21.234.58
GCleaner botnet controller @188.40.15.9
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. GCleaner botnet controller located at 188.40.15.9 on port 80 (using HTTP GET): hXXp://favartif.top/getFile.php Referencing malware binaries (MD5 hash): a12b8d3cd6f1fee82d85eb2b6ecc4d72 — AV detection: 39 / 68 (57.35) a361d0ab7facb9cb9d4f4508c45e7514… Читать далее GCleaner botnet controller @188.40.15.9
Malware botnet controller @5.9.224.199
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 5.9.224.199 on port 443: $ telnet 5.9.224.199 443 Trying 5.9.224.199… Connected to 5.9.224.199. Escape character is ‘^]’ Malicious domains observed at this… Читать далее Malware botnet controller @5.9.224.199
AsyncRAT botnet controller @94.130.208.107
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 94.130.208.107 on port 2021 TCP: $ telnet 94.130.208.107 2021 Trying 94.130.208.107… Connected to 94.130.208.107. Escape character… Читать далее AsyncRAT botnet controller @94.130.208.107
RedLineStealer botnet controller @49.12.34.17
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 49.12.34.17 on port 33715 TCP: $ telnet 49.12.34.17 33715 Trying 49.12.34.17… Connected to 49.12.34.17. Escape character… Читать далее RedLineStealer botnet controller @49.12.34.17
ArkeiStealer botnet controller @65.108.69.168
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 65.108.69.168 on port 13293 TCP: $ telnet 65.108.69.168 13293 Trying 65.108.69.168… Connected to 65.108.69.168. Escape character… Читать далее ArkeiStealer botnet controller @65.108.69.168
ArkeiStealer botnet controller @159.69.246.184
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 159.69.246.184 on port 13127 TCP: $ telnet 159.69.246.184 13127 Trying 159.69.246.184… Connected to 159.69.246.184. Escape character… Читать далее ArkeiStealer botnet controller @159.69.246.184