The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. RaccoonStealer botnet controller located at 185.3.95.153 on port 80 (using HTTP GET): hXXp://185.3.95.153/capibar $ nslookup 185.3.95.153 185-3-95-153.ip.linodeusercontent.com Referencing malware binaries (MD5 hash): 041e5cda57c8db6f67f754250cd71b91 — AV detection: 29… Read more: RaccoonStealer botnet controller @185.3.95.153
Category: linode.com
Spam Hosting (OMICS) (Redirector / Tracking / Unsubscribes)
This IP address hosts a redirector, tracking URI, and unsubscribe website for an open-access journal published by OMICS, a large publisher of "open-access" journals. It is Received: from mail0.ajsurclcasre.com (mail0.ajsurclcasre.com [139.59.78.233]) Date: Thu, 06 Jan 2022 10:##:## +0000 From: American Journal of Surgery and Clinical Case Reports (ISSN <x>) <editor@ajsurclcasre.com> Reply-To: American Journal of Surgery… Read more: Spam Hosting (OMICS) (Redirector / Tracking / Unsubscribes)
Spam Redirector/Unsubscribe/Click Collection URI (OMICS)
This IP address hosts a spam redirector, click collector, and unsubscribe URI for OMICS (aka Remedy Publishers, aka Austin Publishing, etc.). OMICS runs business training webinars and advertises those services to lists of email addresses that were scraped from public sources, purchased from a list seller, or obtained through an email appender. OMICS has a… Read more: Spam Redirector/Unsubscribe/Click Collection URI (OMICS)
xibersoft.com (SyedsMarketing customer)
This IP address hosts the A record, MX record, and website of the domain xibersoft.com. The owners of this domain hired ROKSO spammer SyedsMarketing to advertise for them. Received: from mail-oi1-f191.google.com (mail-oi1-f191.google.com [209.85.167.191]) Sender: emarketeersgroup03@googlegroups.com Date: Fri, 24 Dec 2021 15:##:## +0500 From: Xiber Soft <promotions.emarketeers02@gmail.com> Subject: Fast & Reliable Web Hosting Services <snip> Get… Read more: xibersoft.com (SyedsMarketing customer)
Spam Emitter (najmed.info) (OMICS)
This IP address hosts the A and MX records for the domain najmed.info, which appears as a dropbox email address in message bodies of spam. These email addresses are often the only contact points with the spammer. The owner of this domain is OMICS, aka Remedy Publications, Austin Publishers. OMICS publishes a range of open… Read more: Spam Emitter (najmed.info) (OMICS)
Carding fraud site/forums: fe-acc18.ru
Stolen credit card data sites: https://procrd.biz/ >>> https://i.imgur.com/dnhfzOq.gif >>> https://www.fe-acc18.ru/ 213.52.129.206 fe-acc18.ru 2021-12-17 01:23:41 ________________ Was: 185.236.231.138 fe-acc18.ru 2021-12-15 15:38:08 ________________ Was: 159.203.41.229 fe-acc18.ru 2021-12-13 03:21:12 ________________ Was: 216.73.159.30 fe-acc18.ru 2021-12-11 00:05:42 ________________ Was: 45.9.20.217 fe-acc18.ru 2021-12-09 23:33:45 216.73.159.30 fe-acc18.ru 2021-12-11 00:05:42 ________________ Was: 91.241.19.78 fe-acc18.ru 2021-12-09 01:40:53 ________________ Was: fe-acc18.ru. 300 IN A 193.56.146.111… Read more: Carding fraud site/forums: fe-acc18.ru
MooBot botnet controller @139.162.59.39
MooBot botnet controller hosted here: $ telnet 139.162.59.39 7074 Trying 139.162.59.39… Connected to 139.162.59.39. Escape character is ‘^]’.
BitRAT botnet controller @172.105.27.61
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 172.105.27.61 on port 4898 TCP: $ telnet 172.105.27.61 4898 Trying 172.105.27.61… Connected to 172.105.27.61. Escape character… Read more: BitRAT botnet controller @172.105.27.61
UPS phishing sites
Read more: UPS phishing sites
spam emitter @172.105.110.177
Received: from azdazdazd188.onmicrosoft.com (172.105.110.177) Date: Wed, 01 Dec 2021 01:0x:xx +0100 From: «Saatva Partner» <[]@[].mountindburoto.xyz> Subject: Try a new mattress in the comfort of home and save $225